Archive for the “Security” Category

I was reading about the recent Twitter DoS that also affected Facebook and particularly the comments posted on CNN about how not having Twitter made people feel naked. One person interviewed said that people knew everything about her life because of Twitter.

I have always been a little hesitant to post my status online. After all, those really close to me already know what I’m doing, and those who are not so close to me could always fire off an email and/or ask to be put back onto my mailing list. Why does the public in general need to know if I’m heading to the grocery store, or even on vacation for two weeks?

Smart criminals are few and far between; however, they do exist. It is not difficult to tie a Twitter account or Facebook account to a physical address. If your schedule is halfway routine, the smart criminal can take advantage of it, but if it is posted online the criminal doesn’t need to go very far to target your house, apartment, or vehicle. Even more concerning is personal safety and security. Do you tweet about when you are getting off work? Do you have a long walk to your car? Scary stuff.

What it comes down to is our desire as people to be popular and important, but the fact of the matter is that few of us are or ever will be. And if we suddenly were popular we probably wouldn’t be all that happy about it. There isn’t a lot of glamor in having news crews camp on your lawn day after day, and if someone is always around the corner looking for a photo opportunity, there’s little time to relax.

My suggestion to the die-hard Twitter and Facebook addicts: Be safe! Think about what information you post online and how it could be used against you both at your current stage in life and years into the future. Will your kids use it against you? Your relatives? A criminal? What if you suddenly did become a public figure? Just think about it – and don’t get so attached to a single entity such as Facebook in particular. I know people who don’t use email much anymore because they can just message back and forth on Facebook’s mail. That’s all fine and good except for when Facebook disappears, suffers a DoS or decides to change its privacy policies. If you rely on Facebook for email, how would you contact your friends if it suddenly went away?

Computer and Internet policy in the workplace, Part 2: The Ideal Policy

The ideal policy must balance productivity. It has to focus on actual results of policy change, not a theoretical ideal. First, you need to identify what problem you have that you want to develop policy to solve. Policy for the sake of policy is worthless. Once the problem is identified, say your employees are spending too much time on webmail, then develop a policy to counteract it, working in small steps at first. Next, evaluate your small-step policy change. If it has accomplished what you set out to do, then do not proceed any further. If it has not, then take another small step. The goal is to rarely backtrack on policy. If you have to backtrack then people will lose respect for the policies you implement and further policies will need to be even more drastic in order to have any effect.

I have some first-hand knowledge of several different ways of handling policy in the workplace. This article is the first in a series that will discuss those, some theoretical ideals, implementation and awareness techniques, and pitfalls to implementation. Policy usually seeks to maintain safety for proprietary company data, employee privacy, public relations/image reasons, and for employee efficiency reasons. Failure to create or implement policy effectively has all the opposite effects.

You heard about it here and elsewhere, plus Microsoft should have been popping up in your system tray asking you to update. Did you do it? If not, now is the time to get on it. Some exploit code has been published, so this typically means that it will not be much longer before people with ill intentions integrate the code into some other type of malicious software.

Clearly this one was not quite as dire as we were led to believe; however, it is a good exercise in emergency patch procedure. I recently wrote about having to delay the monthly patches a week due to some high-profile visitors and a general sudden paranoia about the safety of patching. The same week I finally pushed patches with WSUS was the week this critical patch was released, so we quickly called for some downtime again with the servers and forced the patch out to all users.

I did some things a long time ago to make such an emergency patch more feasible. The first thing was to lower the interval at which desktops check for the patch. Since they are checking with my WSUS server, this adds slightly more network activity, but does not slow down the WAN connection one bit. The default limit is 24 hours and I changed it to 8. This means that so long as I schedule a patch outside of 8 hours of a deadline I can hit every single computer that was turned on. The second thing was an auto-approve rule. I automatically approve every single patch that comes into my WSUS server for a computer group called Not Fully Approved, or NFA, that has no computers as members. This forces the patch to immediately begin downloading so that it is immediately ready for distribution when I approve it.

http://isc.sans.org/

Microsoft has released an out-of-band patch that protects against a vulnerability reminiscent of Blaster. For those of you who remember this, you may want to patch right away. For those of you who don’t, patch anyway and you will thank me later.

Just the other day I was thinking that the days were behind me when I had to run around from computer to computer performing manual tasks to resurrect computers from a worm. Here we are again. If history is any indication, and if this vulnerability is as bad as it is made out to be, I doubt that this first patch will take care of every single variant of the problem.

We just had Patch Tuesday last week, so typically today would be the day when all the Windows servers are patched and rebooted. Due to a visit by a dignitary early next week a decision was made by people outside of IT to postpone patching until the following weekend. Is this a legitimate reason to postpone patching? The one legitimate argument is that something could go wrong with the patching and we end up recovering systems into the week. The likelihood of that happening must be pretty small since it has never once happened to us before. I do plenty of patch testing before making the decision to roll out, so there is usually forewarning that something negative is in the air in plenty of time to delay patching for a fix. In addition, many of the machines are virtual and could easily be snapshotted before a patch if it were that critical.

On the other hand, patching regularly has kept us from getting any serious virus or worm for over three years. I wouldn’t wish for it because I would have to help in cleanup, but sometimes I wonder what it would be like if such a decision backfired and we got hurt precisely because they tried to avoid it.

There is an article on Fox News about the World Bank being hacked. This leads me to the obvious question – is this related in any way, even to a small degree, to the current world financial crisis? If someone had inside information on market movements or confidential economic data on a global scale and the means to take advantage of it, that knowledge could certainly influence a calamity such as this one we are in. Just food for thought.

What is worse is that an organization that large did such a poor job with security regardless of anything else. It seems keeping the knowledge away from the public was more important to them than stopping the problem.

The latest techie buzzword seems to be the word Quantum. It is the end-all-be-all of computer technology, the savior of the computing universe. Right.

“Quantum” is used to define the momentum, state, and energy of the elementary particles of an atom, or basically any subatomic particle. It seems like every day someone comes out with a new quantum something that is supposed to solve all our problems. I saw an article Wednesday on quantum cryptography now supposedly unbreakable. I read the article and it does seem that they have developed something that would be impossible to intercept in such a way that it could be deciphered, simply due to the fact that an interception would be detected in the quantum state of the stream, which could then be stopped. It is interesting stuff and reminded me of a bad book I once tried to read.

To Vista or not to Vista: that is the question:
Whether ’tis nobler in the mind to suffer
The UAC warnings of outrageous caution,
Or to take arms against a sea of malware,
And by virus software end them? To die: to shutdown…

We’re trying to figure out whether or not we want to go with Vista or Windows XP for our 3-year refresh. The decision is difficult because we will live with it for the next three years. There is no incentive to perform an upgrade mid-cycle. There are many different factors and there are pros and cons on either side.

OpenDNS is an easy way to help protect you and your family on the Internet. Before you get turned off by something technical, let me assure you that you can make this simple change no matter what your technical expertise, and it will cost you nothing. If you have just one computer connected to the Internet at home, this change is simple. If you have more than one, then you will want to make this configuration change on your router, but it will still be easy. The OpenDNS team has done a great job documenting how to make such a change, so I am not going to duplicate that effort here. You should go to this page to learn how to make the change, but before you do please continue reading to learn why it will help you.

Please note that this information applies to business users as well. The small business without the budget for an IT department could benefit greatly from making these simple changes.
