Friday, 02 February 2007

Bad guys are not stupid. What they lack in morals they sometimes make up for in creativity and smarts. That's why they can be so dangerous. Think like a bad guy: If you wanted to find a way to take advantage of a large public event in order to gain fraudulent access to thousands (or more) of individual computers so you could install keystroke logging software and trojan software to allow you to grow your rogue bot network, what would you do?

Well if it was today, maybe you'd think to yourself, "Hey the Superbowl is this weekend. Let's set up a fake site and trick people into going there with an email and screw 'em all over."

Or, if you were smarter, you'd just take over the server that houses the site for Dolphins Stadium.

If this doesn't tell you why you should be focused on security, then what does?

The news item is here, and an advisory with a description is here.

The official Web site of Dolphin Stadium, home of Sunday’s Super Bowl XLI, has been hacked and seeded with exploit code targeting two known Windows security flaws.

In the attack, which was discovered by malware hunters at Websense Security Labs, the server hosting the site was breached and a link to a malicious JavaScript file was inserted into the header of the front page of the site. Visitors to the site execute the script, which attempts to exploit the vulnerabilities.

According to Dan Hubbard, senior director, security and technology research at Websense, the malicious site hosting the script has been taken offline by law enforcement officials but the hacked Dolphin Stadium site — which is attracting a lot of Super Bowl-related traffic — is still hosting the malicious JavaScript.

A visitor to the site with an unpatched Windows machine will connect to a remote server registered to a nameserver in China and download a Trojan keylogger/backdoor that gives the attacker “full access to the compromised computer,” Hubbard said.

Oy. What's it gonna take??

IT Security | Safe Computing | Tech
Friday, 02 February 2007 12:58:44 (Pacific Standard Time, UTC-08:00)
 Thursday, 01 February 2007

One of my all-time favorite coworkers and human beings is Phillip Forteza, who works in the QA department. He's started blogging, and I'm excited about it.

Phil is one of those guys that smiles, smiles, smiles - regardless of the day or the situation. He is a truly good person, one of the kindest I have ever met, and I am always glad to see him. I only wish I was as up-beat and positive as Phil is every single day, through good and bad. If I'm ever feeling down and out and I happen to run into him, it's a guaranteed fact that his powerful attitude will lift me up and remove that monkey from my back.

Check out what Phil has to write, it's more than worth the read. We need more people like Phil in this world, but alternatively more spreading of The Phillip Way is a pretty good option.

Personal Stories | Random Stuff
Thursday, 01 February 2007 21:36:02 (Pacific Standard Time, UTC-08:00)
 Wednesday, 31 January 2007

I hope mine is not an exception to the rule, because this is pretty cool: I've been running the release version of Windows Vista on one of my laptop computers since yesterday (one that I use all the time and which does a whole boatload of work), and quite literally everything seems to run considerably smoother and faster than it ever did on XP. Now, I don't have Aero Glass/WDM on (graphics card doesn't support it), but Office, web browsers and all apps are notably better. Especially Outlook. Wow.

The only issue I have found so far is that the Explorer shell seems to hang every now and then. I probably just have a rogue random utility that's not playing well. I'll have to look into that. At least when I kill the Explorer process, it's sending trouble data off to Microsoft for analysis. That's a good thing. It recovers gracefully, though, when the process restarts. While I have not seen this kind of issue since the Windows 95/98 days, the fact that the process comes back gracefully and everything still works is a plus.

I ran all the betas, and I for one am glad they delayed and fixed up some stuff. So far it looks pretty darn good. Some of the dialogs (like the new Start Menu style and file system dialogs) are a little goofy for a power user, but I intend to stick with them and see if I can make them work well. I am, after all, getting older and more set in my ways, so I find I need to allow more time for me to adjust than I used to, heh.

Wednesday, 31 January 2007 09:30:34 (Pacific Standard Time, UTC-08:00)
 Monday, 29 January 2007

Tomorrow (Tuesday, January 30th) is the big day. That's when Microsoft's Windows Vista operating system, long in the making and refinement, and its Office 2007 suite will be available for purchase by the commonfolk.

Only this time around, you can choose between buying online and downloading or going to the store and picking up a cardboard box and CD. This is the first time the OS and productivity suite have been made available for purchase and download online.

On Tuesday, the Windows Marketplace site will allow you to make your purchase and get that immediate gratification, all from the comfort of your own easy chair (or whatever seat fits the bill). The Marketplace system uses their Digital Locker, which allows you to purchase software online and get back at it later - you can store your purchase online.

Vista delivers some significant and (I think) important security enhancements, so from that standpoint I see it as something akin to a must-have. However, with all the versions being shipped and the relatively complex hardware requirements to review before you purchase, be sure to take the time to see what you really need.

Office 2007 is something I can recommend whole-heartedly. I have been running it for a year or more in betas, and the release version, which I have been using since the day it was made available to volume license customers, is excellent.

What editions can you buy online on Tuesday? Microsoft will let you purchase and download upgrade copies of Windows Vista and full copies of these Office editions:

  • Windows Vista Business
  • Windows Vista Home Basic
  • Windows Vista Home Premium
  • Windows Vista Ultimate
  • Microsoft Office Home and Student 2007
  • Microsoft Office Professional 2007
  • Microsoft Office Standard 2007

(via Trevin)

Monday, 29 January 2007 09:30:16 (Pacific Standard Time, UTC-08:00)
 Sunday, 28 January 2007

One thing I've noticed about all the weblogs out there is a significant lack of content on certain topics. Management and dealing with management issues is one example. There are a few out there that are quite good, but it's not a common topic. Probably because it's not exactly exciting, geeky or all that interesting to the average person. Or maybe because managers are afraid to talk publicly about problems they run up against. Or because not many managers blog. Personally, I run across complex issues all the time, and I enjoy talking about them in an appropriate way. I think it makes me a better manager in the long run to hear what others have to say. Hence this weblog entry.

A while back I was meeting with one of the people I work with and discussing the variety of ways communication problems can drag an organization down. It was one of those typically generalized philosophical conversations, the kind I like to think of as learning moments. Some call them teaching moments, which is also accurate, but I like to remember I can (and better) learn while mentoring, too. It's a given that inefficiencies can make it difficult to get things done in business, and inefficiencies in communication can certainly have a significant impact. As we traded thoughts back and forth on the topic, I realized that my compadre was unknowingly mixing two different problems together, and classifying them as one. We stopped for a moment, and I explained to him what I see as the difference between communication and behavior problems. There is a fundamental and critical difference, I pointed out - one that is often overlooked and misunderstood.

We've all known people who say or do things that don't contribute in a positive way to an effective team or organization. Unfortunately we often describe such people as having "communication problems," when in fact what they exhibit is instead a complex set of behavior problems.

Because the two types of issues are fundamentally different (as are the respective solutions), a well-honed ability to recognize the difference between them is a valuable and important management trait for one who has the desire to make changes in this area.

A communication problem exists when there is a process gap or other barrier that makes it impossible to successfully communicate some critical information. For example, in the IT support world, we often wonder why users don't provide us with the information we need to help them. Instead they tell us a life story and pass on a lot of information that won't help us solve the problem, all while leaving out the critical nuggets of data. Then the IT employee wonders why and spends significant time chasing users down and trying to gather the missing details needed to work the issue.

But the communication problem in this case is not the lack of information provided by the customer. Rather it's the lack of a properly-defined process. I suggested, in our hypothetical conversation, that if an IT help desk employee has to regularly perform the same tasks and if the information necessary for success is challenging to gather from users, then the solution should be in doing something to ensure the proper information is collected and that the users know what's needed and expected. That's a communication process. And a well-defined communication process does a couple things: It sets clear, unambiguous expectations and provides a known mechanism to accomplish the activity it defines. It also needs to be reasonable and usable, to be fully successful. Perhaps the IT help desk would deploy a standard form, for example, which collects all of the information required to resolve a class of issue. At that point, once the user population has been made aware of the form and process, it is reasonable to expect the users to take advantage of the tools and instructions provided.

Now, if our information communication process is in place and communicated effectively and sufficiently, yet the people to whom the process applies neglect to do their part, we no longer have a communication problem. At that point, we have graduated to a more complicated class of issue: The behavior problem.

Behavior problems are individual in nature, and are more closely related to personality and situational issues. They're not typically resolvable with processes. Instead, they require individual guidance and potentially some form of discipline. Now, the term "discipline" here does not have to be a negative word. Rather, I use it in the context of behavior and performance management. And what works for one won't always work for the rest. This is the area where the professional manager earns his or her stripes: Working with people to change default behaviors in situations where the behavior cannot work. It's hard work.

Perhaps the most useful set of terms we can keep in mind when it comes to defining the issue and a solution: Communication Management and Behavior Management. Understanding these and knowing the differences are what we really need to be concerned about. That and the fact that even with a good communication method in place, it still takes the people and personalities that can and will work within any processes established to be successful.

What kinds of behavior problems are often confused with communication issues? Well, there's the "that's not what I want" class of problems. And then there's the "I didn't think of it so I can't get behind it" philosophy. Or the "that doesn't apply to me because I decided I didn't want it to" issue. Often behavior problems involve some form or another of what I refer to as "terminal uniqueness" - People who believe that they are different and their jobs, situations, wants, needs, requirements and desires are completely different than those of anyone else, and that therefore nobody else can possibly understand or make decisions that might affect whatever they're focused on. And there are, of course, many more.

Anyhow, I have a variety of stories from my own management experience (both as related to me personally and with others) that illustrate this point, but one person's examples only help to define the situation in a self-limiting form. Do you have examples of your own experiences where the cliche "communication problem" term has been applied, but in reality the issue was people not playing nice? How do you deal with those situations and people?

And I should finish up by pointing out that I am far from perfect in this area. None of us are. I've not been the easiest person to manage at times over the years, to be sure. But a good healthy conversation helps us all to be aware of what's happening around us and within us, and allows us to learn and grow. So, let's converse.

What do you think?

Management | Random Stuff
Sunday, 28 January 2007 13:59:18 (Pacific Standard Time, UTC-08:00)
 Tuesday, 16 January 2007

I ran across the Giveaway of the Day web site the other evening and was intrigued. I've watched it for a few days now and have downloaded a couple of the programs they've offered. Basically, the site has a different piece of commercial software (typically smaller, utility-style stuff but you never know) that they give away for free for 24 hours. The catch, if you can call it that, is that you can only download any given program during its 24-hour offer period, and you have to install it during that period, as well. If you wait and try to install it later (as I did in one case), the product cannot be successfully registered.

But for free, whatcha gonna do, complain? I mean, come on. Heh. This is an interesting vehicle for getting people to check out other software offered by the companies whose software is featured, I suppose (they show examples of other software titles offered by each company with links).

Worth checking out. Be sure - as always - to use caution whenever downloading any software from the Internet. Good antivirus and antispyware software is important to have in place and running before you start downloading stuff. Heck, before you ever use the Internet for that matter.

In addition, the site has a freeware library that contains some interesting stuff as well as a Game Giveaway of the Day site. Same methodology, only it's games you get to play with.

Here are today's software and game giveaways:

Random Stuff | Tech
Tuesday, 16 January 2007 23:46:37 (Pacific Standard Time, UTC-08:00)