Friday, October 23, 2009

Gaping security hole turned 64,000 Time Warner cable modems into hacker prey

Cable modem security problem is patched, but customers' networks were vulnerable
By Tim Greene

A blogger helping to tune a friend's Wi-Fi network uncovered a gaping security hole in Wi-Fi cable modem routers installed in 64,000 Time Warner subscribers' homes, leaving them open to attack.

Time Warner says that within the past week it has applied a temporary patch until the manufacturer can provide a permanent fix, but before that the flaw had allowed administrative access to the routers. With that access, attackers could run a variety of programs against these routers, says David Chen in his blog Chenosaurus.

Because the vulnerability let anyone anywhere on the Internet take control of the router, attackers could launch attacks from within Time Warner customers' homes.

"From within your own network, an intruder can eavesdrop on sensitive data being sent over the Internet and even worse, they can manipulate the DNS address to point trusted sites to malicious servers to perform man-in-the-middle attacks," Chen writes. "Someone skilled enough can possibly even modify and install a new firmware onto the router, which can then automatically scan and infect other routers automatically."

Chen says he discovered that administrative control of the routers had been blocked by JavaScript. He disabled JavaScript on his friend's router and had access to all the router's settings. He then opened the backup configuration file and discovered the administrative login and password in plaintext.

He says he was able to run a port scan on Time Warner IP addresses and found dozens of these routers that were open to attack. The router involved is the SMC 8014 wireless router and cable modem, says Alex Dudley, vice president of public relations for Time Warner. He says his company is waiting for a permanent fix from SMC that Time Warner will run quality assurance testing on before pushing it to the affected routers.

Chen also notes that the router allows only Wired Equivalent Privacy encryption, which he says is readily broken, allowing anyone who can break WEP access to the network. He also says the fixed format for the routers' SSIDs makes it possible to figure out which Wi-Fi networks are run by SMC 801

LinkedIn: the secret to the online business network's success

With 50 million members, including Richard Branson and Alan Sugar, LinkedIn's success story quietly rivals that of Facebook.

In spite of its clunky interface, credible business people can no longer afford to avoid LinkedIn

For all the continual media frenzy over Facebook and Twitter, the most remarkable social networking story of all may well be LinkedIn, the global social network for business professionals founded by serial Silicon Valley entrepreneur Reid Hoffman in December 2002. Last week, a bullish LinkedIn CEO Jeff Weiner announced its 50 millionth member, stressing that while it took sixteen months for the social network to get its first million members, the most recent million only took 12 days.

While the LinkedIn 50 million may pale in comparison with the Facebook 300 million army, its achievement is quite remarkable when one considers that there are only around 360 million white collar professional people in the entire world (at least according to the latest International Department of Labor numbers). So over 10% of the world’s professionals are already on LinkedIn. And with the social network now signing up a new member every second of every hour of every day, it shouldn’t be too long before the other 90% of the world’s business professionals eventually wind up in the LinkedIn universe.

So can 50 million professionals really be wrong? And what, exactly, is it about LinkedIn that has made it such a hit around the world, attracting business professionals from 200 countries?

According to Kevin Eyres, the London-based Managing Director of LinkedIn’s European operation, it’s all about professionals now “taking more responsibility for their own careers.” In the current recession, he explained to me when we spoke on the telephone yesterday, everyone is “thinking like an entrepreneur.” Getting onto LinkedIn allows us to be “proactive” in building our own networks, finding new staff, rebuilding one’s career, “showcasing” skills and, above all perhaps, organizing one’s “reputation”.

Thinking like an entrepreneur is clearly something that the LinkedIn team is doing very impressively. According to Eyres, the business – which in June last year raised a $53 million round of venture capital – has been profitable for the last two years. And unlike the advertising-dependent Facebook, LinkedIn has three “roughly equal streams” of revenue: Premium subscriptions, software as a service and advertising.

According to Eyres, some cultures are better than others at thinking like collaborative entrepreneurs. Holland, for example, is “off the charts” – something that Eyres explains in terms of networking being historically “part of the Dutch DNA.” The Danes too excel in this. While for other less advantaged groups in more conservative, inward-looking cultures – such as Italian women – LinkedIn has actually enabled the levelling of the socio-economic playing field.

It’s no coincidence, of course, that major LinkedIn success stories like Holland, Denmark and even India are all cultures in which English is widely spoken. But in European countries in which English is less prevalent, LinkedIn has had less success.

And this is why Eyres has launched German (January 2009), French (November 2008) and Spanish (August 2008) language sites over the last fourteen months.

Even in the United Kingdom, certainly not a culture as rooted in the collaborative network as much as Holland or Denmark, Eyres is excited by LinkedIn’s progress. Over the last six months, he told me, the UK membership had reached a “tipping point” in which the traditionally reticent locals have become more and more comfortable with both promoting themselves and with giving professional recommendations to others.

So why should one be on LinkedIn? I asked Eyres. What would he say to entice the roughly 310 million professionals who still haven’t signed up for the service?

“You aren’t doing your job correctly if you aren’t on it,” Eyres responded. LinkedIn is going to get you ahead by allowing you to get more knowledge, by enabling you to reach out to a network of like-minded professionals, by giving you access to a uniquely collaborative business environment.

Eyres may well be right. The LinkedIn mantra that “relationships matter” has become the central dogma of our social media age. And over the next year – as LinkedIn adds third party applications to its platform and adds an iPhone app and grows its markets in Latin America and Asia – relationships will matter more and more.

In spite of its sometimes clunky interface and cumbersome networking tools, credible business people can no longer afford to avoid LinkedIn. As Eyres reminded me, even Richard Branson and Alan Sugar are on it. Could there be a better reason to get linked in?

Don't volunteer if you can't close the deal

  • Author: Toni Bowers

I read an article by Career Advancement Expert Linda Lopeke in which she said that one of the worst career killing mistakes is to not take action. As she put it:

Taking action is the one thing that renders all on-the-job competition irrelevant. It requires no special tools or intelligence. And 98% of your co-workers will NOT be doing it. In any organization there are always a bazillion things that need to be done. However, 10% of the employee population will make professional commitments to getting things done with enthusiasm. And only 2% ever actually take action. Management has to constantly chase and follow up with the other 98% if they want to make sure things are getting done. So what this means is if you work in a department of 100 people, only 10 people will have high potential and only 2 people will be in direct competition for raises and promotions. So, if you’re not taking action you are automatically keeping yourself from getting ahead.

I couldn’t agree more. And here is my two cents worth:

Taking action does not mean saying you’ll do something and then not getting around to it for weeks. Some people think that if they display a gung-ho attitude in a meeting and volunteer for a task then they have scored points for their career, but it is a delusion to think that the actual follow-through doesn’t matter.

If your manager has to constantly follow up with you to make sure things are getting done, then you’re not being helpful. You have actually doubled his or her work. And don’t think it’s not noticed. It may not go in your performance appraisal because managers are sometimes reluctant to make formal notes about volunteered tasks, but he or she will make subconscious notes about your dependability. And the high-profile tasks will go to your co-worker who is known for closing the deal.

If you’re the employee who cheerfully agrees to help co-workers out but you actually never get around to finishing the task at hand, what good is that? Believe me when I say that you are not going to be known as the co-worker who always helps out; you’re going to be known as the co-worker who always volunteers to help out but never actually does it.

Maybe your schedule is too tight, time is too short, blah blah blah. This might be true once, but if it keeps happening, then you have a problem with time management. If you are consistently signing on for new projects and then dropping the ball, then you are not realistically perceiving your schedule and capabilities. Stop trying to reap the immediate benefits of seeming to be the helpful person if you can’t do the required work.

Motivational Moment

FROM NIGHTINGALE.COM

"Wealth is the ability to fully experience life."
— Henry David Thoreau: American author, poet, and naturalist

Thursday, October 22, 2009

Motivational Moment

Thought for the Day

October 22, 2009

THOSE WHO CAN’T TAKE DIRECTIONS GRACIOUSLY HAVE NO BUSINESS GIVING THEM.

If you are an irresponsible or argumentative worker who cannot accept instructions from others, you are destined to remain at the bottom of the workforce. Before you can ever hope to manage other people, you must learn to manage yourself and your relationships with others effectively, particularly with those in higher positions in the organization. Unless you can learn how to manage your relationship with your own boss or bosses, you will never be able to manage a relationship with your subordinates.

This positive message is brought to you by the Napoleon Hill Foundation. Visit us at http://www.naphill.org. We encourage you to forward this to friends and family. They can sign up for this free service at our web site.

Monday, October 19, 2009

Motivational Monday

Thought for the Day

October 19, 2009

COOPERATION MUST START AT THE HEAD OF A DEPARTMENT IF IT IS EXPECTED AT THE OTHER END. THE SAME IS TRUE FOR EFFICIENCY.

In most large organizations, the amount of time and energy that is squandered in interdepartmental rivalry is enormous. Managers who compete with others inside the company waste valuable resources that should be directed at fulfilling the company’s mission to serve its customers better. Worse, a negative, internal focus can cause the company to miss opportunities, the full effect of which may not be realized for months or even years. Whether you are the head of the department or the newest worker on the staff, you can help your company immeasurably by refusing to become embroiled in internal strife. Compete with yourself to do the best job you can do instead of competing with others.

This positive message is brought to you by the Napoleon Hill Foundation. Visit us at http://www.naphill.org.

Thursday, October 15, 2009

Google Apps add-ons for the enterprise

10 Google Apps add-ons for the enterprise

Wednesday, October 14, 2009

Sidekick implosion: Was it sabotage?

Insider tells blogger/author of "clueless idiots"
By John Fontana

The Sidekick implosion, which wiped out user data, may have been the result of sabotage, according to blogger and author Daniel Eran Dilger, who quotes "insiders" familiar with the situation.

"Sources point to longstanding management issues, a culture of 'dogfooding,' and evidence that could suggest the issue was a deliberate act of sabotage," Dilger says on his blog Roughly Drafted.

Dilger says the sabotage claim is tied to tensions inside Microsoft. His blog post outlines how decisions related to Pink, a smartphone project inside Microsoft, and Danger, a Microsoft subsidiary, led to a level of animosity within the company that may have boiled over with a deliberate takedown of Sidekick.

Dilger quotes his inside source as saying the Pink project existed before Danger was acquired and that contractual obligations delayed Danger's engineers from immediately joining Pink. When they did, the source said, "innumerable bad decisions had already been made by clueless idiots."

The source describes Microsoft as "dysfunctional," a condition that led to mismanagement of the year-old, $500 million Danger acquisition.

Dilger's source goes on to describe how improbable a scenario it is for Microsoft to attempt an upgrade to the Sidekick service, which stores a user's contacts, calendar, photos and other data, without backing up that information.

The outage has brought howls from users who apparently have no way to recover their lost data from Sidekick, a cloud service offered by T-Mobile but run on the back-end by Danger.

The source says one scenario for the problem could be that Microsoft wanted to use its own technology to run Sidekick – what it often calls "eating its own dog food" – and blew an attempt to replace Sidekick's Oracle Real Application Cluster.

Dilger says there is evidence to suggest "there was no reason for a major transition or upgrade to be occurring" because Microsoft was interested in Danger's phone expertise and not the Sidekick service. His conclusion: "intentional sabotage by a disgruntled employee."

In any other case, Dilger writes, Microsoft and T-Mobile would have discussed "mitigating circumstances, blaming bad hardware, a power failure, or some freak accident."

"This is a catastrophic failure of the worst possible kind. Like I said, I can't think of any innocent explanation for all user data to have been lost permanently, and for the service to still be down," said the source.

Friday, October 09, 2009

Thought for the Day

October 9, 2009

DON’T OVERLOOK SMALL DETAILS. REMEMBER THAT THE UNIVERSE AND ALL THAT IS IN IT ARE MADE FROM TINY ATOMS.

There is an old expression that says, "If you take care of the little things, the big things will take care of themselves." It’s another way of saying that every job is composed of many small details, any one of which, if overlooked, can create big problems later. If you have trouble dealing with details (paperwork, expense accounts, and other annoying details), set aside a time during your work cycle (daily, weekly, or monthly) to deal with such unpleasant tasks. Prepare yourself mentally to deal with those tasks, and you may find that you dispense with them quickly and efficiently. You may even find that the job wasn’t nearly as unpleasant as you expected it to be.

This positive message is brought to you by the Napoleon Hill Foundation. Visit us at http://www.naphill.org

Tuesday, October 06, 2009

BDPA Detroit TAC: BDPA Chapter News October 2009

BDPA Chapter News October 2009


October/2009



Networking Social Event at the (PI) Restaurant & Lounge

October 16, 2009 at 6:00 PM
(food and drink specials til 7 PM)
Come mix and mingle with members and past Information Exchange Speakers at this event. All are welcome so be sure to invite someone!

28875 Franklin Street
Southfield, MI 48034
248-208-7500
(NOTE: This event replaces our monthly Information Exchange Event for October)

BDPA-Detroit presents its...
1st Scholarship & Education Awards Banquet
"Retooling For a Better Tomorrow"
Keynote Speaker: Honorable Dennis Archer
November 12, 2009 at 7:00 PM
Compuware Corporation
One Campus Martius
Detroit, MI 48226
(Free parking with purchase of ticket)
$40.00 Adult
$30.00 Student Rate (ID Required)
2 Adult tickets for $70.00
For more information visit www.bdpa-detroit.org


Timage Technology Solutions have openings for the following positions:
  • Network Architect
  • Storage Area Network Engineer
  • IT Data Librarian
-------------------------------------------------------------------------------------------

IT Data Librarian

The Data Librarian is a dedicated, single point of contact to ensure all IT Infrastructure documentation is well organized and follows established means and methods through industry accepted standards. The Data Librarian will also ensure that all documentation is easily searchable, is properly secured and accessible via role based access policies. ITIL certification is highly desired, as well as SharePoint experience.

Network Architect

The Network Architect is responsible for providing third-level engineering support of a wide area network (WAN) consisting of over 70 networked locations across southeastern Michigan. Experience and certification with Nortel platforms is highly desired, as well as experience supporting QoS, Multicasting, VOIP, & IP Video.

Storage Area Network (SAN) Engineer

As a SAN Engineer, you will plan, design, and analyze storage infrastructure, while ensuring high levels of data quality and availability. You will be responsible for capacity planning, backup and restore process design, performance analysis, and developing data disaster recovery plans. You will develop, implement, and oversee policies and procedures to ensure consistent storage provisioning and uptime. A background in EMC storage products is a must, as well as working knowledge of SAN, NAS, DAS, RAID, SCSI, and Fibre Channel technologies.



All resumes and inquiries should be sent to

Hacker leaks thousands of Hotmail passwords

Hacker leaks thousands of Hotmail passwords, says site
Posts more than 10,000 passwords, claims Neowin.net; Microsoft reportedly investigating
By Gregg Keizer


More than 10,000 usernames and passwords for Windows Live Hotmail accounts were leaked online late last week, according to a report by Neowin.net, which claimed that they were posted by an anonymous user on pastebin.com last Thursday.

The post has since been taken down.

Neowin reported that it had seen part of the list. "Neowin has seen part of the list posted and can confirm the accounts are genuine and most appear to be based in Europe," said the site. "The list details over 10,000 accounts starting from A through to B, suggesting there could be additional lists."

Hotmail usernames and passwords are often used for more than logging into Microsoft's online e-mail service, however. Many people log onto a wide range of Microsoft's online properties -- including the trial version of the company's Web-based Office applications, the Connect beta test site and the Skydrive online storage service -- with their Hotmail passwords.

It was unknown how the usernames and passwords were obtained, but Neowin speculated that they were the result of either a hack of Hotmail or a massive phishing attack that had tricked users into divulging their log-on information.

Accounts with domains of @hotmail.com, @msn.com and @live.com were included in the list.

Microsoft representatives in the U.S. were not immediately able to confirm Neowin's account, or answer questions, including how the usernames and passwords were acquired. The BBC, however, reported early Monday that Microsoft U.K. is aware of the report that account information had been available on the Web, and said it's "actively investigating the situation and will take appropriate steps as rapidly as possible."

If Neowin's account is accurate, the Hotmail hack or phishing attack would be one of the largest suffered by a Web-based e-mail service.

Last year, a Tennessee college student was accused of breaking into former Alaska governor Sarah Palin's Yahoo Mail account in the run-up to the U.S. presidential election. Palin, the Republican vice presidential nominee at the time, lost control of her personal account when someone identified only as "rubico" reset her password after guessing answers to several security questions.

David Kernell was charged with a single count of accessing a computer without authorization by a federal grand jury last October. Kernell's case is ongoing.

Shortly after the Palin account hijack, Computerworld confirmed that the automated password-reset mechanisms used by Hotmail, Yahoo Mail and Google's Gmail could be abused by anyone who knew an account's username and could answer a single security question.

Monday, October 05, 2009

Help the Insurance Companies!!!

How to turn a spare Linux machine into a media server

Your home hub awaits

When MediaTomb is running, you can add files and folders to your media collection through a web interface

Linux is brilliant at serving files. It's this ability that keeps the enterprise world turning to Linux for its heavy lifting jobs and that keeps the world Googling 24/7.

But it's just as good at serving files from a computer tucked away under the stairs or stuck in the loft, and a server in your house is now becoming an essential accessory.

Mobile phones, games consoles and even televisions are rapidly developing the ability to read, display and play files held on a media centre PC, and Linux is the perfect free software solution. All you need is a relatively low-powered PC, a decent amount of storage and somewhere safe to hide it.

1. Install the software

We've chosen to use Ubuntu Server Edition for two reasons. First, it's the same distribution that most people know and love, only optimised for use on a server. Second, you still have access to exactly the same packages and repositories as you do with the desktop version, which makes installing and using software easy.

Put the disc into the machine you want to use as the server and select your language followed by 'Install Ubuntu Server'. Unlike the desktop version, there's no graphical installer. Instead you'll need to choose your configuration settings from the pages of options that appear throughout the installer.

Don't let this put you off; there aren't any questions that can't easily be answered, and the installation is effectively no different from a standard desktop installation.

The first question asks you again for the language, the second for your location and the third for your keyboard layout. After a brief pause, you'll be asked for a hostname. You might want to change this to something like 'mediaserver', rather than the default 'ubuntu' to avoid confusion with any other Ubuntu installations you may have running on the same network.

2. Partition the disk

The next installation step is disk configuration. This is a much more important consideration for a media server than it is for a standard desktop installation, because of the sheer volume of files that you'll be storing on it.

The most convenient solution is to use an old disk of around 10GB (or less) for the Linux installation and a high capacity drive for your media content. You can then select 'Guided – Use Entire Disk' on the installation page, then select the disk to install to and give Ubuntu complete control over how it creates the installation. Your media storage disk can be configured later.


PARTITION YOUR DRIVE: If you create a separate root partition, you'll be able to update your system without worrying about your files

The second-best option is to create two partitions on a single drive, using the smaller partition for the root file system and the other partition for your data. This way, you can update the root partition if you need to, or easily back up your data partition without infecting it with system files.

After skipping through the partition section you'll be asked for your real name, username and password. You should give this a little more thought than with the desktop, as it's likely that your server will be on all the time and accessible from the internet, so a secure username/password combination is vital.

Press Continue to skip the HTTP proxy installation, and choose to install security updates automatically when asked. Finally, don't select any of the default server packages unless you want to enable SSH for remote administration, then click on Continue to install the system.

3. Configure MediaTomb

We're now only a couple of steps away from completion. When your machine restarts after installing all the main packages, you need to log in and type sudo apt-get install mediatomb into a terminal. This will grab the media-streaming software and install it on your system.

All you need to do now is type mediatomb to run the server. Watch the output, because you should see something like the following:

2009-07-16 15:20:52 INFO: MediaTomb Web UI can be reached by following this link:
2009-07-16 15:20:52 INFO: http://192.168.1.89:49152/

This is the port and the IP address for the server, and you should now be able to point a web browser on the same network at this address and use the simple user interface to add the files and folders that contain your various bits of media.

After a few moments, the media should appear on any UPnP streaming client, such as those on a PlayStation 3 and Xbox 360.
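
An added example, not part of the original article or the MediaTomb project: a Python check of the web UI login settings in the config.xml that MediaTomb writes (under ~/.mediatomb/ when started by hand as in step 3), since the interface above is reached simply by pointing a browser at the port. The sample configurations, the finding names and the 12-character minimum are assumptions constructed for illustration.

```python
"""Audit the web UI login settings of a MediaTomb config.xml (added example)."""
import sys
import xml.etree.ElementTree as ET

# Constructed sample: UI on, login off, stock account still present.
SAMPLE_OPEN = """
<config>
  <server>
    <ui enabled="yes">
      <accounts enabled="no" session-timeout="30">
        <account user="mediatomb" password="mediatomb"/>
      </accounts>
    </ui>
    <name>MediaTomb</name>
  </server>
</config>
"""

# Constructed sample: login required, stock account replaced.
SAMPLE_LOCKED = """
<config>
  <server>
    <ui enabled="yes">
      <accounts enabled="yes" session-timeout="30">
        <account user="mediaadmin" password="constructed-passphrase-for-demo"/>
      </accounts>
    </ui>
  </server>
</config>
"""


def _local(tag):
    """Strip an XML namespace prefix such as '{http://...}ui' down to 'ui'."""
    return tag.rsplit("}", 1)[-1]


def _first(parent, name):
    """Return the first descendant element with the given local name."""
    for el in parent.iter():
        if _local(el.tag) == name:
            return el
    return None


def audit_ui(config_xml, min_len=12):
    """Return a list of finding codes for the <ui> section (empty = clean).

    min_len is an assumed policy value, not a MediaTomb setting.
    """
    root = ET.fromstring(config_xml)
    ui = _first(root, "ui")
    if ui is None:
        return ["no-ui-element"]          # nothing to assess in this file
    if ui.get("enabled") == "no":
        return []                         # web UI switched off entirely
    findings = []
    accounts = _first(ui, "accounts")
    if accounts is None or accounts.get("enabled") != "yes":
        findings.append("ui-login-not-enabled")
    for acct in ([] if accounts is None else accounts.iter()):
        if _local(acct.tag) != "account":
            continue
        user, pw = acct.get("user", ""), acct.get("password", "")
        if (user, pw) == ("mediatomb", "mediatomb"):
            findings.append("default-account")
        elif len(pw) < min_len:
            findings.append("short-password:" + user)
    return findings


if __name__ == "__main__":
    # With a path argument, audit that file; otherwise audit the open sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = SAMPLE_OPEN
    results = audit_ui(data)
    for code in results:
        print("FINDING:", code)
    sys.exit(1 if results else 0)
```

MediaTomb keeps the account password in plaintext in config.xml, so restrict that file to the user running the server.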

Motivational Monday

Thought for the Day


VICTORY IS ALWAYS POSSIBLE FOR THE PERSON WHO REFUSES TO STOP FIGHTING.

Julius Caesar had long wished to capture the British. He sailed to the British Isles, quietly unloaded his troops and supplies, and gave the order to burn the ships. He then called all of his men together and said, "Now it is win or perish. We have no choice." With that single order, he guaranteed the success of his campaign. He knew that people who have no other alternative (or will accept no other) always win. If you find yourself in a situation where victory seems impossible, you may benefit your cause by developing an alternate course of action. If your objective won’t yield to a full frontal assault, try an oblique approach. There are very few problems in life that are impossible to solve, and few obstacles that will not eventually give way to a determined, motivated person with a plan that is flexible enough to cope with changing conditions.

This positive message is brought to you by the Napoleon Hill Foundation. Visit us at http://www.naphill.org.


Friday, October 02, 2009

Motivational Moment



FROM NIGHTINGALE.COM

"When you squeeze an orange, orange juice comes
out - because that's what's inside. When you are
squeezed, what comes out is what is inside."

— Wayne Dyer: Self-development author and speaker

Thursday, October 01, 2009

How Cuts to Maintenance Costs Can Cause On-the-Job Stress
