Sunday, July 12, 2009

10 ways to stay out of trouble when you post to Social Networking sites (Example: Facebook)

© 2009 CBS Interactive Inc. All rights reserved.

A few years back, social networking (SN) was just for kids. Sites such as MySpace and Facebook were used primarily by teenagers and college students to interact with friends. Now as we approach the second decade of the twenty-first century, social networking has grown up and entered the mainstream. Everybody who’s anybody has at least dabbled in it, and the demographics are definitely changing. I recently received a Facebook “friend” request from an 88-year-old lady, and she is by no means the only senior citizen on my friends list. Other friends include 20-something family members and at least one 18-year-old who’s a fan of my newsletters, as well as numerous colleagues in the tech industry, folks from high school, several aunts and cousins, and quite a few people I worked with in my law enforcement days.

When you have such an eclectic group of people all watching, at the same time, what you’re saying, it can present some challenges and potential problems. Most of us don slightly different personas depending on where we are and who we’re with. We don’t act the same or say the same things when we go to dinner with mom and dad as when we’re out with longtime friends, and we adopt yet another demeanor when we’re dining with business associates. Yet our social networks may bring people from all these groups, and others, together. That’s why it’s important to sit down and think about a few issues before you begin building a social network — and plan a strategy that will let you enjoy its benefits without doing harm to your career, your marriage, or your friendships. And if it’s too late for that, it’s not too late to consider the following 10 things the next time you start to post to a SN site.

1: Where are you and what are you here for?

The first thing to consider is the nature of the social networking site(s) you’re using. Some sites are geared toward professional and business relationships, while others are more purely social. Some posts that wouldn’t cause anyone to lift an eyebrow on Facebook or MySpace would be considered inappropriate on LinkedIn. This is true even if you have the same contacts on both sites. Think of it this way: You probably don’t behave exactly the same way in the office as when you’re out at a restaurant or bar with friends from the office.

There are applications that allow you to link your updates across sites. For example, when you post to Twitter, the post also automatically becomes a status update to your Facebook page. This can save time and effort when used properly. However, if used incorrectly, it can alienate your friends. Twitter followers generally have no problem with you tweeting many times per day. Your Facebook friends may not be as happy to see your hourly updates, especially if they’re along the lines of “Now I’m about to go to the store,” and “Just finished dinner and ready to load the dishwasher.” I know several people who have gone so far as to “unfriend” Facebook friends whose excessive Twitter updates fill up their feed.

Whereas some sites, such as LinkedIn and Classmates.com, have a more narrowly defined purpose, the more general SN sites can be used in different ways. A Facebook page can be used to keep in touch with family and friends who live far away, to get back in touch with old schoolmates or former work colleagues, to interact with others in your industry, to try to find a job, or as a dating service. Any of those purposes can be a legitimate use of the sites, but you may run into problems if you try to combine purposes on one site.

2: Who’s in the audience?

Social networking is generally (although not exclusively) a form of written communication. All writers know that the first rule of writing is to know who’s in your audience, because that determines not only what you say but also how you say it. If you’ve decided to use SN as a general public broadcast tool, being familiar with everyone in the audience is not as important. For instance, I use Twitter to announce when I have a new article published or make a new blog post, or to call attention to articles by others that I feel are worthwhile. My Twitter page is open to everyone and goes into the public timeline, and I keep my updates there appropriate for that purpose.

My Facebook account is used for a very different purpose and is closed to the public. I find it best to know something about the people in that smaller circle of friends, to be aware of issues that might be hot buttons and topics of conversation that may make some of them uncomfortable. You also have to keep in mind that you can’t please everybody. One of my Facebook friends recently criticized me for posting about “trivial topics” like birds and cats and TV shows when there are so many important and even life-threatening things going on in the world. Another friend noted that Facebook is where she comes to get away from the political arguments, dire economic forecasts, and other unpleasantness. And others likened your social networking page to your living room or front yard — a place that belongs to you, but where others pass through to visit. On your own private property, you set the tone and the rules. If others don’t like it, they can leave; if they don’t respect your rules, you can have those visitors removed.

Ultimately, most sites allow you to control who your audience is, and many of us pick our online friends pretty carefully. Then there are those who are “friend collectors.” You know who I’m talking about: the guy or gal who has 1,500 “friends,” many of whom he/she has never met, virtually or otherwise, and knows nothing about — but he/she feels validated by this “popularity.” Politicians and celebrities often fall into this category, too. Sometimes, not so much because they compulsively seek out “friends” as because they’re afraid to refuse any friendship request for fear it will mean a lost vote or a disgruntled fan. How many friends is too many? Only you can decide — and there’s no right answer. What’s important is that you decide whether to have an open door policy or to be more picky, and tailor your posts accordingly.

3: Do you dare mix business with pleasure?

One of the biggest dangers of social networking comes when you mix your audiences — for example, having friends or followers who are business associates on the same account as personal friends, family members, and so forth. Deciding what is or isn’t appropriate to post can get complicated really fast in that situation. A seemingly innocuous joke that your old college buddies might enjoy a lot may fall flat or even come across as offensive to a business colleague, causing awkwardness in working together. Comments you make in response to an office mate’s post on your wall could inadvertently reveal business information that those outside the company shouldn’t know. A family member’s teasing remark on your page about how drunk you got at Uncle Dave’s birthday party could put you in a bad light if your boss reads it. And do you really want all your Internet pals to see those pictures of you as an awkward teenager that your Aunt Maggie tagged?

Then there are all those games and third-party apps that permeate some of the social networking sites. It might not matter much if you publish your progress in harvesting your crops on Farm Town, but if your favorite pastime is consuming gallons of virtual alcohol and sending rounds to your drinking buddies, that might not be the image you really want to convey to a potential future employer or client (or your mom).

4: It’s not just what you post

As we touched on with Aunt Maggie’s photos above, it’s not just what you post yourself that can get you in trouble. Especially if you’re new to social networking, you might not realize that your friends may be able to see some or all of what your other friends post on your site, as well as pictures they post on their own sites that “tag” (identify) you as one of the subjects.

Others’ posts can end up embarrassing you without intending to, so keep in mind that old adage about choosing your friends wisely. And remember that it works two ways: Don’t post things on a friend’s site that could be an embarrassment to him/her if the other person’s boss, spouse, or minister saw it.

5: A picture is worth a thousand words — and can be a thousand times more embarrassing

Social sites such as Facebook and MySpace allow you to post much more than text. You can share pictures, videos, links, and more. This enables rich interaction, but it also provides even greater opportunities to make a faux pas that could be damaging to your career, marriage, or friendships.

Rule number one: Don’t post pictures or videos of yourself in “compromising positions” — drinking/drunk, in provocative dress (or lack thereof), showing off your (usually not visible) tattoo, hanging all over someone other than your spouse (or even if you’re single, someone else’s spouse), and so forth. Don’t do it even if it’s obvious to you that it’s just a joke. Don’t do it even if you think you’ve restricted viewing of the album to just your closest friends. Remember that even if you come to your senses tomorrow and take the picture down, someone could already have copied and saved it.

Rule number two: Don’t post pictures or videos of other people without their permission or unless you’re absolutely sure they don’t mind — including pictures that are not at all compromising or offensive. Some societies equate taking a photo of someone with stealing that person’s soul. While most people wouldn’t go that far, many folks don’t like being photographed or having pictures of themselves displayed, even if you think they look great.

Also be cautious about “photo overload.” Friends enjoy seeing your favorite pictures, but don’t upload all 247 pictures from your trip to Maui or every single picture you take of your new grandbaby. Pick out a few of the best. And don’t put 50 photos of yourself on your site and none of anyone else. That makes you look a bit narcissistic, at best.

6: Sensitive subjects can come back to bite you

Many people use status updates to post about what they’re doing at a given time. Others use them more as mini journal entries, saying whatever might be on their minds regarding current events, their personal lives, etc. As in the “real world,” you have to be careful when you start offering opinions, judgments, and commentaries. Venture carefully when you address the traditional hot topics: politics, sex, and religion.

You should also think twice before you report on your involvement in legal issues or post something that might have ramifications pertaining to tax matters. Your joking post on Uncle Ed’s wall thanking him for taking you to dinner on his company’s expense account could mark the last time he ever takes you to dinner — or speaks to you. Your venting about something going on at work — or even your excitement about what’s happening there — could get you in trouble or be a violation of a contractual agreement.

Be careful in responding to others’ rants and raves, too. If a friend or co-worker posts about the rotten thing her husband did to her, offering your sympathy might seem like the right thing to do. But two weeks later, when they’ve kissed and made up, she may not remember with kindness your eager agreement about what a rotten guy he is.

7: Avoid the perils of PUI: Posting under the influence

We all know that driving under the influence of alcohol or other mind-altering substances can lead to tragedy. Posting to social networking sites when you’re inebriated can be almost as dangerous. Being under the influence of strong emotions, such as anger, fear, or grief, or suffering from lack of sleep can similarly impair your judgment and cause you to post things you otherwise wouldn’t.

This is such a common phenomenon that Google’s Gmail has an add-on feature (called Mail Goggles, enabled through the Labs tab in the account Settings) that requires you to solve math problems before you can send email late at night on the weekends. The idea is to ensure that your cognition is not impaired and to prevent you from sending messages you might regret later.

8: Be ready to reject a friendship request or “unfriend” someone

Some people have a hard time saying no. But if you accept every friendship request you receive, you may end up feeling as if you’ve thrown open the doors of your home and now you have a bunch of strangers camped out in your living room, watching — and commenting on — everything you do and say. This all goes back to knowing your audience. It also requires that you have the courage to risk hurting some feelings by declining some offers of friendship.

Even more difficult is the decision to “unfriend” a person who’s already on your friend list. It might help to know that most sites don’t explicitly notify people when they’ve been removed from your list of friends. And if you don’t mind having those people see your posts but just don’t want to see theirs — maybe they constantly rant about politics or proselytize about their religions, or maybe they just post dozens of status updates a day that are boring — you may not need to unfriend them. Facebook, for example, allows you to “hide” a particular person’s posts from your friend feed. They still see all your updates (unless, of course, they hide you, too).

9: Are you familiar with the site’s settings and options?

One of the most important things you can do when you start using a social networking site is to completely familiarize yourself with how it works and the settings and options you can configure. You may be able to place people into groups and then control which of your items (wall posts, friends’ posts, etc.) they can see on a group-by-group or individual basis. When you upload photos, you may be able to restrict who can see specific pictures or albums. You may be able to specify that you be notified via email of various events, such as a person replying to one of your posts or someone tagging you in a photo, so that you won’t be taken by surprise. You can even prevent friends from posting to your wall altogether or use the customization options to allow only specific friends to see wall postings.

Social networking sites provide sophisticated privacy tools; take advantage of them to prevent faux pas. But remember that others who do have access can take screen shots or even digital photos of the screen and forward them to others.

10: Should you use a pseudonym?

You might be wondering if the best way to avoid all these problems is to just use a pseudonym for your social networking accounts. You could create a fake persona and say whatever you want and nobody would know it’s you. Aside from the fact that this pretty much defeats the whole purpose of social networking — getting to know people and letting them get to know you — it is also a violation of the Terms of Service (ToS) of most social networking sites. In fact, in a famous court case, a woman in Missouri was charged with unauthorized computer access because she violated the ToS by creating a MySpace account with a false identity. (For details, see “Judge tentatively acquits woman in MySpace case.”) Although she was acquitted of the criminal charge, this points up the fact that the ToS is in essence a contract, and violating its terms can have legal ramifications.

Summary

Who knew there was so much to think about before ripping off a quick post to your favorite social networking site? But not stopping to consider what you’re saying, and to whom you’re saying it, can have serious consequences. In many ways, the Internet is forever — and your actions there can come back to haunt you years later. Social networking can be a useful tool for both business and personal purposes, as long as you use it the right way.


10 technologies that cybercriminals love to exploit

By Debra Littlejohn Shinder, MCSE, MVP
Copyright ©2008 CNET Networks, Inc. All rights reserved.

New technologies make it easier for all of us to get our work done online, communicate with others, and take advantage of all the Internet-based entertainment that’s available today. But many of those same technologies have also made it easier for cybercriminals—the bad guys who use the ‘Net for illegal purposes—to do their dirty deeds. We’re talking about hackers, attackers, spammers, scammers, phishers, and other criminal types.
In this article, we’ll take a look at the top 10 online technologies that they love to exploit and see how you can protect yourself, both at home and at your business, when using those technologies.

1. Broadband connectivity
Broadband has come to most of the United States, with almost 73 million subscribers as of the end of 2007. That’s more than 50% of U.S. households and more than 70% of all home Internet subscribers. Experts predict that by 2012, more than 70% of households will have broadband access.
Broadband has many advantages for users, including high speed at relatively low cost and the "always-on" nature that eliminates the need to log onto the ISP each time you want to access Internet resources. But those same characteristics also make it the perfect technology for exploitation by hackers and attackers. Having your computer connected to the ‘Net 24/7 means the cybercriminals have a much wider window of opportunity to gain access and steal your data, crash your computer, or otherwise do you harm. And the high speed of new access technologies (for example, Verizon now offers 50Mbps plans and predicts speeds up to 100Mbps or more in the near future) means a "drive-by download" can put even a large malicious file on your machine in just seconds.

2. Wi-fi networking
Another technology that has become incredibly popular is wi-fi, or 802.11 wireless networking. With increasing frequency, both home and business networks are connected by wireless technologies instead of Ethernet cables, and wi-fi hotspots proliferate in public places such as coffee shops, airports, hotels, and city parks. Wi-fi offers maximum convenience because you can move around and stay connected, but it also makes it more convenient for a criminal to get onto your network and into your system without your even knowing, since anyone with a wireless-enabled laptop within range can intercept the signals.
Unlike their older counterparts, new wireless access devices use encryption by default—but you need to check and ensure that yours uses the more secure encryption, such as WPA/WPA2/802.11i rather than WEP, which is easy to crack. You should also use strong encryption for the applications you run over a wireless network (for example, SSH and TLS/HTTPS). You can use a VPN (virtual private network) or IPsec to encrypt traffic traveling over a wireless LAN, and you should create a separate network segment for your wireless communications if you also have a wired LAN. For more information about wi-fi security, see http://www.wardrive.net/.

3. Removable media
Floppy drives have been almost entirely replaced by CD/DVD readers/writers, flash card readers, and USB drives, but whatever the form, cybercriminals love removable media. If they can get physical access to a computer, they can quickly and easily copy files and remove them, often with no one the wiser. Removable media also pose a security risk because it’s easy to lose discs, thumb drives, flash cards, and the like.
You can use Group Policy in Vista or edit the registry in XP to disable use of USB devices. You can also get third-party software that will block the use of any I/O devices through USB and IEEE 1394 ports or using Bluetooth wireless connections. For example, see http://www.lumension.com/usb_security.jsp
If you’re concerned about removable drives or cards being lost or stolen and the data on them accessed, you can encrypt the data on flash cards, CDs, and DVDs so that you can still work with them on different computers but a thief can’t. For example, see http://www.dekart.com/howto/howto_disk_encryption/encrypt_flash_drive_cd_dvd/.

4. The Web
The Web is hardly a "new" technology now, but it’s still a favorite of cybercriminals because almost everyone who connects to the Internet uses a Web browser. Back when the Web was text-based, browsing was a pretty safe activity, but today’s Web pages are expected to do much more, and many of them run programs—such as JavaScript and ActiveX controls—to give users a much richer multimedia experience. The problem is that attackers can use these browser capabilities to run their own malicious programs on your computer.
Don’t be fooled into thinking that because you use a particular browser, you’re safe. All popular browsers have vulnerabilities and can be exploited. More important are the browser’s settings. If you disable JavaScript and ActiveX for most sites, you’ll make it more difficult for attackers to get to your computer through your browser (but you may also not be able to properly view some sites). It’s also important to install security updates for your browser as they’re released.

5. E-mail and instant messaging
E-mail is becoming ubiquitous. Almost everybody has one or more e-mail addresses, and it’s one of the most convenient ways to communicate. It has almost the same immediacy as a phone call or instant message without the pressure to answer in real time unless you want to.
Unfortunately, e-mail also has some characteristics that make it attractive to criminals. They can send mail with spoofed return addresses so that it’s difficult or impossible to discover the true origin of the messages. Thus, they can get away with sending spam, phishing messages, threats, child pornography, and other types of illegal correspondence. Instant messaging programs can also present a threat. As with e-mail, IMers can pretend to be someone else, and most IM programs now support file transfer, which provides a way for criminals to download malicious software to your machine.
Technologies to authenticate the identity of e-mail senders, such as Microsoft’s Sender ID and the more generic SPF, can solve the spoofing problem—but only if all e-mail domain owners use them. Meanwhile, you can protect yourself with spam filtering software that allows you to create a whitelist or safe senders list and by following best practices such as not clicking on hyperlinks in e-mail, viewing your mail in text format only (no HTML mail), and not engaging in IM conversations or file exchange with people you don’t know.
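
How a receiving mail server applies SPF, and why it helps only for domains that publish a record, shown as an added example that is not part of the original article. The domains, addresses and TXT records are constructed; only the ip4, ip6 and all mechanisms are evaluated, and anything that would need further DNS lookups is reported as "unevaluated" (a label invented for this sketch).

```python
"""Offline SPF evaluation sketch (added example, simplified from RFC 7208)."""
import ipaddress

# Constructed TXT data standing in for DNS. The .example names and the
# 192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24 and 2001:db8::/32 ranges
# are reserved for documentation.
TXT_RECORDS = {
    "publishes-spf.example": ["v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all"],
    "soft-policy.example": ["site-verification=abc", "v=spf1 ip4:198.51.100.25 ~all"],
    "no-spf.example": ["site-verification=xyz"],
}

# SPF qualifiers and the result each one produces when its mechanism matches.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def find_spf(domain, txt_records=TXT_RECORDS):
    """Return the domain's SPF record, or None if it publishes none."""
    records = [t for t in txt_records.get(domain, [])
               if t.split(" ")[0].lower() == "v=spf1"]
    if len(records) > 1:
        raise ValueError("more than one SPF record published")
    return records[0] if records else None


def check_spf(sender_ip, mail_from, txt_records=TXT_RECORDS):
    """Check the connecting IP against the SPF policy of the MAIL FROM domain.

    Returns none, pass, fail, softfail, neutral, permerror or "unevaluated".
    """
    domain = mail_from.rsplit("@", 1)[-1].lower()
    try:
        record = find_spf(domain, txt_records)
    except ValueError:
        return "permerror"
    if record is None:
        # The domain owner has not opted in: the receiver learns nothing.
        return "none"

    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            try:
                network = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
            if (name == "ip4") != (network.version == 4):
                return "permerror"  # e.g. an IPv6 range under ip4:
            if ip.version == network.version and ip in network:
                return QUALIFIERS[qualifier]
        else:
            # include, a, mx, redirect= and friends need live DNS lookups.
            return "unevaluated"
    return "neutral"  # no mechanism matched and the record has no "all"


if __name__ == "__main__":
    # Constructed deliveries: (connecting IP, envelope sender).
    deliveries = [
        ("192.0.2.10", "alice@publishes-spf.example"),   # legitimate server
        ("203.0.113.7", "alice@publishes-spf.example"),  # spoofed, rejected
        ("203.0.113.7", "carol@soft-policy.example"),    # spoofed, flagged
        ("203.0.113.7", "bob@no-spf.example"),           # spoofed, undetected
    ]
    for ip, sender in deliveries:
        print(f"{ip:15} {sender:32} -> {check_spf(ip, sender)}")
```

The last delivery is the case the paragraph warns about: the same unauthorized server gets a "fail" when it claims a domain that publishes a strict policy, but only "none" when it claims a domain that publishes no SPF record at all.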

6. Unified communications
Unified communications (UC) is a popular trend in the enterprise space, and companies are finding many advantages in combining their e-mail, telephony, IM, and conferencing applications so that these programs can interact with each other. With voice over IP (VoIP) slowly replacing traditional telephone services, all these communications technologies can be run over the same network.
However, this also means that now your phone calls are subject to some of the same threats to which your data has always been vulnerable: VoIP packets can be intercepted or even modified in transit just as other data traffic can. For more about UC security threats, see http://blogs.techrepublic.com.com/security/?p=406.
To protect yourself in a unified world, use encryption to keep important data confidential—whether it's text, voice, or other. Also make sure UC software is updated regularly (along with the underlying operating system) and use authentication to verify the origin of messages and to ensure that messages haven’t been tampered with.

7. Peer-to-Peer (P2P) programs
The most popular means of exchanging large files quickly across the Internet is through the use of P2P software and networks, such as BitTorrent, KaZaA, Gnutella, and Napster. People use them to share music and movies in violation of copyright laws, but also for legitimate purposes, such as distributing their own home movies and pictures. The number of songs swapped via P2P networks is estimated to be in the billions per year.
Criminals love P2P networks because they can mislabel the files they share and cause you to download malware (such as a program that allows the criminal to take over your computer) when you think you’re downloading a song. Most of these networks also strive to protect the anonymity of users, so the bad guys have little risk of being caught. The best way to protect yourself from the dangers of using P2P applications is not to use them at all.

8. E-commerce and online banking
More and more of us are conducting more and more of our business over the Internet. It’s convenient to buy what we need from home and have it delivered to our doorsteps and to pay our bills and transfer money between our accounts without a trip to the bank. Criminals love this trend, because it gives them additional opportunities to get hold of your money. They can intercept information as it travels across the network, break into the databases of online businesses or financial institutions to steal information, or set up their own fake e-commerce sites and lure you into giving them your credit card number and other information under the pretense of selling you something.
To protect yourself when buying or banking online, do business only with well-known sites and ensure that your Web traffic is encrypted (your browser will indicate when a site is secure). Navigate to those sites directly. (Don’t click a link in e-mail to get there.) Don’t save your credit card information on the Web sites, either—type it in each time. Keep a close watch on your credit card statements and bank statements and immediately report any suspicious or unauthorized activity.

9. Mobile computing
Computing has become increasingly mobile and devices ranging from small PDA phones to full-size laptops are being used to store important data and connect to home and company networks. Because of their mobility, however, these devices can easily be lost or stolen—and the data goes with them. If the device contains your personal information, you could be subject to identity theft. If it contains client information for your company, you could put those clients at risk and possibly put your company in violation of regulatory compliance requirements. Luckily, there are a number of ways to protect yourself from these threats.
Many portable computers today come with built-in TPMs (Trusted Platform Modules), which are hardware-based cryptography chips that work with software technologies such as Microsoft’s BitLocker (included in some editions of Vista and Server 2008) to encrypt the drive and prevent a thief from being able to log on or access any of the files. More and more laptops also include fingerprint recognition software and other extra security measures. You can also install tracking software that will cause the laptop to "phone home" when connected to the Internet if you fail to enter the correct password.
Many PDA phones provide for password protection and you can buy third-party programs to encrypt data on the phone. The latest versions of Windows Mobile allow you to encrypt the information on the storage card without a third-party program, and you can also remotely wipe the device and card.

10. Universal connectivity
Closely related to mobility is universal connectivity. We are putting not just our computers but our entire lives online. Kitchen appliances and laundry machines can connect to the Internet, pool and spa equipment can be accessed online, and so forth. Many of us have security surveillance cameras with built-in Web servers, which we can monitor from anywhere in the world as long as we have an Internet connection. All of this connectivity is great, but it opens up avenues by which criminals can invade our homes without ever setting foot inside.
We also put ourselves online in another way. We have personal Web sites, MySpace or Facebook accounts, Second Lives, and other venues where we reveal more about ourselves than we realize. Criminals love these social networking tools because they make it easy for them to pick victims and get to know them, sight unseen.

What’s the solution, then? Should we disconnect from the global network, erase our presences from the Web, and go hide in our rooms? Even if that were possible (and it’s not), the cure would be worse than the disease. In today’s world, functioning without the technology is becoming increasingly difficult, and once you’ve taken the technological plunge, the information is "out there"—there’s no going back.
The key is increased awareness and constant vigilance. Use common sense, as you do in the real world. Don’t automatically trust strangers. Don’t wander into places (virtual or physical) where you’re unfamiliar with the terrain. Don’t divulge sensitive information, such as credit card and bank account numbers, social security numbers, and birthdates, that can be used to steal your identity. Most cybercriminals are like most other predators: they go for the easy marks. By taking some precautions, you can still use the technologies that they exploit—so long as you use them wisely—without becoming a victim.

10+ Reasons why people write viruses

By Chad Perrin, et al
Copyright © 2009 CNET Networks, Inc., a CBS Company. All rights reserved. TechRepublic is a registered trademark of CNET Networks, Inc.

The image of virus writers as intelligent kids with too much time on their hands resorting to digital vandalism to entertain themselves persists. Years ago, making such a guess about why people write viruses might have been accurate most of the time, but the world has moved on. The writers of viruses and other mobile malicious code are many and varied, and their reasons are as wide-ranging as they are themselves.
The forms of replicating mobile malicious code are multifarious, too. The most common forms are viruses, worms, and Trojans, though non-replicating equivalents are gaining prominence as well. Cross-site scripting is an example of non-replicating code that serves much the same purpose as self-replicating malicious code; it can affect millions without having to actually “infect” the victim’s computer at all.
I can’t claim to know why everybody who writes malicious code does so. I haven’t met them all. I can make some generalizations about reasons people might do so, though.

1. Anger issues
There are those who, for whatever reason, just do destructive things for the sake of their destructiveness. They may be malicious narcissists, psychopaths, or just so self-centered in their impression that the whole world is against them that they will blindly lash out at anyone and everyone when they get the chance. For such people, who I believe are a thankfully rare breed, the harm they cause others has no point beyond the harm itself. They are unreasoningly destructive, and that’s pretty much all there is to it. They might think they’re misunderstood and want to communicate with the world by harming it in some way -- and maybe they’re right, that people just don’t understand them deep down. When they react to this state of affairs by maliciously setting out to harm anonymous strangers, however, I don’t think I want to understand them beyond the minimum required to track them down and put a stop to their antisocial behavior. Your mileage may vary, especially if you’re a criminal psychologist.

2. Do it for the Lulz
Some still do it for the “fun” of destruction. They may get a thrill out of reading news items about their work causing people trouble, or they may just take a fire-and-forget approach, creating destructive, self-replicating programs for the joy of it without much caring whether they ever see the consequences themselves. Mostly, I’m sure they find it funny to read about people being inconvenienced by what they’ve done. In short, some people write mobile malicious code for the same reasons vandals break windows and spray paint garage doors that belong to people they don’t even know.

3. Espionage
I’m not talking about sabotage here; I’ll address that later. By “espionage,” I mean attempts to gather information through underhanded means for reasons other than identity fraud and other directly, criminally profitable purposes. Viruses, worms, Trojans, and even backdoors and other malicious code slipped into your software by the vendor may serve the purposes of espionage. People worry about the potential for Chinese manufactured computers having some kind of hardware backdoor built into them; conspiracy theories about commercial software vendors being required to provide backdoor access to the NSA run rampant; the government of India famously demanded that Blackberry provide universal decryption keys for all Blackberry devices sold in the country; and the NSA’s Dual_EC_DRBG NIST encryption standard may itself include a backdoor of sorts, as I mentioned in What my grandmother taught me about IT security.
Considering the fiasco of federal warrantless wiretapping violations of the law during the Bush administration’s tenure, and the worse violations hinted at by several officials’ carefully phrased testimony that such worse violations weren’t a part of this particular program, it would be foolish to assume that government agencies never spy on people via software. How many of you remember ECHELON?

4. Online gangs
It probably sounds like something out of a 1980s vintage techno-thriller, like Bruce Sterling’s Islands in the Net, but it is disturbingly becoming a reality -- there are actual “gangs” of angry, or just plain ignorant, kids who engage in digital vandalism as part of a misdirected urge to enhance group identity and personal pride in a fractious, underground community. Such groups may target each other or, more often, some third party whose troubles at the hands of such a gang of vandals will be easily noticed and identified. With dramatic names like “Team Holocaust” and “Phalcon SKISMs,” such cybergangs may occasionally claim a higher purpose (like YAM), but they may also have no pretensions of purpose other than claiming a strong group identity. Like being a Denver Broncos fan, except they mark their territory with digital vandalism instead of by painting their torsos orange and waving giant foam fingers in the air.

5. The hacker instinct
Keep in mind the difference between a hacker and a security cracker. People with a hacker mindset usually find themselves eventually drawn to specific fields of interest. In some cases, that interest might revolve around understanding self-replicating mobile malicious code. Sometimes, the best way to understand something is to experiment with different ways to create examples of it. Sometimes, the best way to test something you’ve created is to see it operating under real world conditions. Some immoral or amoral hackers with an interest in self-replicating mobile malicious code may test their creations by releasing them into the wild and seeing how they do.

6. Money money money
Most writers of malicious code in the wild these days seem to fall into this category: people who are in it for the filthy lucre. Viruses and worms often carry payloads that open up avenues of intrusion into a system, providing a means for either security crackers or their automated tools to slip past the system’s defenses. Such automated tools can harvest authentication information and other sensitive data (for identity fraud, for example), set themselves up as automated spam generators, or contact a centralized control mechanism of some sort, such as an IRC chat room, to create a botnet of thousands, or even millions, of unwitting users’ computers, all of which can be controlled simultaneously by a single security cracker. It is increasingly common for botnets to be offered for rent, for any of a vast number of reasons.

7. Political agitation
Sometimes, digital vandalism -- whether accomplished by a virus, a worm, a DDoS attack, or some other means -- can be accomplished for the purpose of making a statement. Whether the reason for something like that is directly political in the sense of addressing matters related to government or more indirectly political, such as interfering with certain types of Web sites and other operations of some class of people with whom one disagrees somehow, the point is sometimes to make people who aren’t directly responsible for whatever’s being targeted aware of one’s own disapproval of those targets. DDoS and other attacks against Microsoft or Yahoo! might fall into this category.
Depending on their specific choices of targets and their motivating issues, some such political agitators (as in the case of those targeting and protesting Chinese and Australian national firewall policies) might even be admirable for their principles and the courage of their convictions to some degree. In extreme cases, on the other hand, such as where large numbers of innocent bystanders are materially harmed (having their checking accounts wiped out to make a political statement, perhaps), action taken on behalf of this kind of motivation might reasonably be called “terrorism.”

8. Romance and drama
Some may be drawn in by the perceived romance and drama of a criminal life itself. Just as some people may start out seduced to a life of crime by the power they perceive in street pushers in their neighborhoods, the exploits of cat burglars in movies, or the rare reports of some criminals who always seem to get away with their criminal acts in the news, the artificial mystique manufactured by the media around “Computer Hackers” can inspire the aspirations of the amoral youth with technical talents. Because of the character of certain online communities, it can be much easier sometimes to feed one’s own delusions of the romance and drama of being a “Computer Hacker” for a longer time than in most other criminal enterprises where the physically gritty, and petty, reality of what they do becomes quickly inescapable. Once fully absorbed within such an insulated, self-reinforcing fantasy life, I don’t know how easy it is to overcome the illusion and realize that one has become nothing but a criminal security cracker -- that being a real hacker is about skill and not 1337 h4xx0r nicknames -- without being forcibly disillusioned by getting caught, prosecuted, and imprisoned for one’s crimes.

9. Sabotage
Sometimes the purpose of malicious code might be directly targeted at disrupting the operations of some class of people one doesn’t like. While this sort of behavior might seem superficially similar to that of terrorism as described under "Political agitation," or to vandalism as described under "Online gangs," it’s not terrorism, and it’s more personal than typical vandalism. It is a simple criminal act, aimed at a specific target, more akin to assault. People with business interests may do this not for profit or for political purposes, but to damage other businesses’ ability to compete, at least temporarily. Government agencies may do so to try to bully another government into doing something it doesn’t want to do, as appears to have been the case in the Estonian “cyberwar.” The motivation to sabotage may even be based on something as petty as personal revenge.

10. The intellectual challenge (and to pass the time)
From member jim.parlett: Why do people play online games? Why do people do crosswords or play chess? It's the element of competition, pitting your wits and skill against that of others. It's a competition to see who can write the best virus, who can beat the antivirus companies, who can beat Microsoft's developers. I suspect the vast majority of virus writers are male, because competitiveness is a predominantly (but certainly not exclusively) male trait. It's not necessarily about being malicious, not always about money; it's sometimes about winning, about challenging the rest of the world and beating them. It's the cyber age version of graffiti, the Internet equivalent of the adolescent challenging the mature and making waves.

11. Extortion
From member Dixon: Let's not leave out plain old-fashioned extortion, as with Vundo/Antivirus2009/Antivirus360. "You're infected! Give us sixty bucks and we'll fix it!"

12. Resume material

From member Oz_Media: I knew a few guys in the early 90s who wrote viruses simply to get noticed as capable programmers. Offering up a virus, then creating a removal tool and sending it to major players (F-protect, Computer Associates, Kaspersky, etc.) put them on the map as code savvy. In fact, I remember a time when that was the key focus behind writing viruses and exploiting code -- to show off your talents compared to existing engineers. Who do you think major antivirus companies hire to write removal tools? The same criminals who exploit systems, of course. Also, if a company wouldn't hire them as programmers, they'd hack the software and send the exploit details to the engineers, offering to fix it for $$$$. Then they'd go to a competitor and show them the competition's weaknesses and use THAT to get work with the competitor.
Think of Stuart from MAD TV, "Look what I can do!"
NOTE: I said I knew them, I didn't say they were friends.

Follow the money
If I had to guess, I’d say that the most common reasons to write viruses these days, by far, are at least somewhat profit-motivated. The I Love You email virus was kind of a watershed incident, the point where a lot of people really started noticing the growing trend in profit-generating mobile malicious code.
Any attempt to explain away all virus, worm, and other malicious code writing using a single generalization is unreasonably simplistic, though. Virus writers are people, too -- at least in that they may have any of millions of different motivations for what they do -- even if they’re often subhuman in some respects as well (notably in their ethical development). Most are probably motivated by some combination of more than one of the above suggestions, in fact, and perhaps by other reasons we haven't touched on.

Friday, July 3, 2009

Developing Leadership Skills

© A & C Black Publishers Ltd 2006

FAQS
Now that my business is growing I’ve been on a leadership course and understand the theory of being a good leader. How do I put this into practice?

Being an owner-manager will give you plenty of opportunities to put your new skills to the test, but remember that leadership capability does not emerge overnight; it takes time and practice, so don’t expect too much of yourself too soon. Why not make a start, though, by leading a new project, where you can test out the skills you’ve acquired? Make sure you plan carefully for resources and support. Taking this first step will give you the opportunity to test out your responses to this new situation. In turn, you’ll then be able to evaluate what has worked and what hasn’t, which will help you plan what to do or avoid doing next time.

I seem to command an audience easily when I make presentations, but will I make a good leader?

Commanding an audience is a great skill and many leaders have it, but it’s not the sole requirement. Leaders also need to be problem-solvers and have originality and flair, confidence and self-knowledge, strong interpersonal skills, the ability to listen, visioning capability, good organizational skills, and so on. Your ability as a speaker suggests that you’re articulate and self-confident. If you possess the other qualities too, you are well on the way to being the leader your business needs.

MAKING IT HAPPEN
Understand the different facets of leadership

There are different types of leadership styles. Think of three shepherds. The first opens the gate and walks through, allowing the flock to follow—this shepherd leads from the front. Another stands behind the sheep and pushes or guides them through, demonstrating a supportive leadership style. The third moves from front to back and sometimes to the middle of the flock, demonstrating an interactive leadership style. For leaders to exist, there must be followers, and the needs of followers change depending on the context. Knowing how to apply different leadership styles can help you respond equally effectively in many different kinds of situations.

Another school of thought recognizes four leadership styles: directive, process, creative, and facilitative, each one related to a personality trait. So, being more relaxed doesn’t necessarily mean you can’t be a leader. You simply have natural tendencies for a certain type of leadership. And you may be able to learn other styles—more dominant, intuitive, or structured—as you become more confident and practiced in leadership. Try to work with your preferred style until you are comfortable enough to branch out.
Evidently, certain styles are suited to particular situations. A structured leader, for example, is likely to succeed in a situation where process is important, such as in running an operation. The relaxed or facilitative leader may be one who manages a professional group of people. Dominant leaders may be needed in businesses where there is a real drive for change.

Get some training

If your budget permits, a leadership course will help you gain a fuller understanding of what leadership is, and, by extension, how it will work for your business. Courses usually range from business theory to developing strategy and understanding business risk. Having well-developed commercial awareness and a good business education will not only give you confidence, but will also help command respect from others in the organization.

Build self-awareness

Your leadership style is the means by which you communicate. The more self-aware you are, the more effectively it will work for you. This means knowing:
• what you are like
• what your preferences are
• what your goals are
• how other people perceive you and your goals
• how you are motivated to achieve them
Numerous tests and questionnaires can be used to help you explore your personality and preferences; they are widely available from books, the web, consultancies, and other sources. Surveys are also useful. Business schools have valuable data on expected leadership behaviors. You can combine information from all these sources to establish a benchmark for yourself.

Apply leadership skills

Leadership opportunities are often thrust upon us unexpectedly, but in a small business environment you’ll come across them more frequently. As in most situations, your best bet is to start with an analysis of the situation. Decide what is needed, and how you can best achieve it.
Some leadership positions require you to set the objectives for others to follow. In these situations, scheduling, consultation, and team building are essential to success. Leaders often need to work as intermediaries between two groups—those wanting the results (boards, investors, etc.), and those who will deliver the results. In this case you need to establish good communication channels with both parties. Try to pick teams that have a good balance between competent managers and energetic, loyal team members. Teams need consistent, positive energy levels to sustain momentum. Thus choosing a team by the mix of talent required, rather than based on friendships or politics, is critical. If you are trying out new systems or approaches, do surround yourself with the right people, create a framework for support, and document the process so you can later evaluate what you have done.

COMMON MISTAKES
Mirroring other leaders too closely

People new to leadership roles may try to copy a leader they respect, because the person provides an easy model. This can create a false impression of what you are really like, or, worse, make you look foolish for trying to mimic a style incompatible with your own personality. Leadership behaviors come from within. Understand what it is you respect in the other leader and think about how you can best display that attribute. If it doesn’t work, don’t be afraid to try a new approach.

Not working at it
Many people hope that they have natural leadership skills, and accept leadership positions without proper training or mental adjustment. This sink-or-swim approach works sometimes, but not always! Building up leadership skills, increasing awareness of yourself, and evaluating what you do have much more potential for success. It will also give you more room to make mistakes without losing credibility.

FOR MORE INFORMATION
Emerald (trading name of MCB University Press): www.managementfirst.com/experts/leadership.htm
Entrepreneur.com: www.entrepreneur.com (management tab)