Wednesday, February 24, 2010

Need a job? Learn Drupal

Need a job? Learn Drupal

The economy may be getting better, but unemployment is still high. Companies slashed budgets and personnel last year, but as the economy begins to recover, the creation of jobs is not falling in line.

The lack of new jobs continues to be an issue even for San Francisco Bay Area tech companies. So, how are unemployed developers and technologists supposed to find work? One solution: learn new skills.

Drupal is a free software package that makes publishing and managing social content on the web easy. It's been downloaded more than 2 million times to date. And though Drupal has been around for more than nine years, it's become more credible over the last several due in part to a dedicated community and the fact that high-profile government Web sites such as and corporations like Warner Brothers records have adopted the open-source content-management system.

I recently learned that there are more jobs available working with Drupal than there are employees to fill them. According to John Faber, COO at AF83, a Drupal development shop, they're so busy with projects that they've had to turn away business. And it's the same for many other Drupal specialists in San Francisco. There's a clear need for bodies skilled in Drupal and other open source software, including Linux.

Faber and other Drupal users are organizing this year's DrupalCon, the Drupal community conference being held April 19-21 in San Francisco, hosting training sessions for anyone who wants to learn Drupal. Training from the world's best Drupal shops that normally costs more than $1,500 will cost $150 to $350 at DrupalCon. That includes everything from introductory courses for novices just getting started to more advanced sessions for people wanting to brush up. And it's all available the day before the conference begins, April 18 at Moscone Center.

Inexpensive training for a desirable technology that is useful for jobs is a great idea. And Drupal is easy enough to use that virtually anyone in technology can get up to speed quickly. It's worth checking out--especially if it leads to a spanking new job.

Tuesday, February 23, 2010

Linux Box to Market the Ubuntu Operating System to U.S. Enterprise Users

Linux Box to Market the Ubuntu Operating System to U.S. Enterprise Users

ANN ARBOR, Mich., February 16, 2010 - One of the most rapidly growing and popular operating systems, Ubuntu, is taking a significant run at the U.S. business and enterprise market thanks to a new partnership between The Linux Box and software developer Canonical Ltd., the company behind Ubuntu.

Launched in October 2004, Ubuntu is one of the most highly regarded Linux distributions in the world with more than 10 million users. With users in homes, schools, businesses and governments around the world, Ubuntu is a powerful and secure open source operating system for desktops, laptops, netbooks and servers. Ubuntu contains all the applications you need and will always be free of charge. With the values of open source software at its core, Ubuntu costs nothing to download or update.

As an official Canonical Silver Solution Provider Partner, The Linux Box will sell, install and support customized Ubuntu-based solutions to organizations running Linux systems. It will also provide businesses with large-scale migration deployment support and training services for cloud computing infrastructures and enterprise desktop alternatives.

"Combining forces with The Linux Box enables many more US businesses in every industry to embrace Ubuntu as their end-to-end open source data center solution," said Steve George, director of corporate services at Canonical. "We look forward to Ubuntu being The Linux Box's best-of-breed open source solution."

The Linux Box is an established bespoke software development consultancy that customizes open source projects for clients across a variety of sectors, providing professional services for organizations looking to gain competitive advantage, reduce IT costs and increase the control they have over their open source technologies.

"Ubuntu's game-changing operating system model is catching on with original equipment manufacturers and business organizations of all sizes," noted Elizabeth Ziph, CEO and co-founder of The Linux Box. "We hope to help educate enterprises to Ubuntu's solid performance characteristics and to expand its market share."

For more information about Ubuntu, or to inquire about enterprise sales, contact

About Canonical
Canonical provides engineering, online and professional services to Ubuntu partners and customers worldwide. As the company behind the Ubuntu project, Canonical is committed to the production and support of Ubuntu - an ever-popular and fast-growing open-source operating system. It aims to ensure that Ubuntu is available to every organization and individual on servers, desktops, laptops and netbooks.

Canonical partners with computer hardware manufacturers to certify Ubuntu, provides migration, deployment, support and training services to businesses, and offers online services direct to end users. Canonical also builds and maintains collaborative, open-source development tools to ensure that organizations and individuals can participate fully in innovations within the open-source community. For more information, please visit

About The Linux Box
Founded in 1999, The Linux Box is a professional services organization specializing in open source technology and the Linux platform in the server and cluster environments. It provides software development and customization services to a broad range of clients in industries ranging from energy and financial services to government, life sciences and the utilities

School Webcam Spying Holds Lessons for Businesses

School Webcam Spying Holds Lessons for Businesses

The webcam school spying incident holds lessons for businesses looking to monitor computer use without crossing the line
By Tony Bradley

The Lower Merion School District in Pennsylvania is getting a crash course--trial-by-fire style--on the limits of what is acceptable when monitoring computer activity. The facts are still being worked out, and investigations and lawsuits are still pending, but there are some lessons to be learned here for conducting an effective--and legal--monitoring program.

1. Disclosure. One of the most important steps in separating "monitoring" from "spying" is to establish what is acceptable, and provide some advanced notice that computer activity and communications could be monitored.

In general, there is no need to specify how or when the monitoring might be done. A disclaimer that the company reserves the right to monitor activity is more or less standard. However, the ability to enable the webcam on a laptop in the individual's home without their knowledge or consent is outside of the gray area--it crosses from diligent monitoring to creepy spying real quick.

2. Discretion. Even if monitoring has been disclosed as a possibility, some controls should be in place regarding how and when monitoring is conducted (especially for equipment like laptops that are also used in the home), as well as which individuals have the authority to conduct monitoring, or access data gathered through monitoring.

While the company may be within its legal rights in monitoring network and computer activity of employees, the privacy rights of employees engaged in illicit or questionable activities could still be violated if those actions are broadly disclosed to peers, managers from other departments, or other parties that have no stake or interest in the employee's productivity.

3. Personal Use. The jury, or in this case the Supreme Court of the United States, is still out on this issue, but based on the case of Ontario, CA police officers suing the Ontario police department, the company's right to monitor its network and equipment could be superseded by an implied expectation of privacy when personal use is also authorized.

Essentially, the company does have the right to monitor the communications and activities on its network and company-issued equipment. However, when the company also specifies that employees are allowed to conduct personal business and communications using company-issued equipment it gets a little murky whether or not that permission comes with an expectation of privacy.

4. Don't Go Dutch. In the case of the Ontario police department, one of the other factors clouding the issue is that officers were given a base plan and asked to pay for any overages resulting from excessive personal use. The fact that the officers were asked to pay a portion of the service charges also includes some degree of implied expectation of privacy. Similarly, as is the case with the students of Lower Merion School District, or employees using company-issued laptops from home, the individual is actually paying for the Internet service, therefore the company (or school district) may be overstepping its authority by monitoring that activity.

5. Automation. Using monitoring software can automate the process of monitoring, and provide an aggregate view of the correlated data--the "big picture"--without exposing the identity or violating the privacy of any specific individual. Excessive usage or indications of suspicious or unauthorized activity can then be drilled down for further investigation, but there should be established guidelines or thresholds and clearly-defined policies covering those actions to prevent any impropriety --real or perceived--on the part of the employer.

IT administrators must strike a balance between diligent monitoring to maintain productivity, prevent legal liability, and meet compliance requirements, and violating employee privacy. The line between monitoring and spying can be thin at times, and the cases of the Ontario police department and the Lower Merion school district could both have repercussions affecting the ethics and legality of monitoring.

Artificial Retina Enables Blind to See Again

Artificial Retina Enables Blind to See Again By: R. Colin Johnson
Silicon retina prostheses capable of being implanted inside the eyes to restore sight are entering the third generation with the aim of enabling reading, facial recognition and unaided mobility for previously blind patients.

The U.S. Department of Energy has awarded major responsibility for the development of a third-generation retina prosthesis to Lawrence Livermore National Laboratory (LLNL, Livermore, Calif.). The third-generation artificial retina will enable previously blind people to read, recognize people's faces and restore mobility so that people can navigate about the world again using their sight.

Artificial retina team member Terri Delima holds a thin-film artificial retina array fabricated at the Lawrence Livermore National Laboratory.

The retinal implant is designed for the millions of patients worldwide suffering from retinitis pigmentosa and age-related macular degeneration, since it implants an electrode array atop the old damaged retina to stimulate the undamaged nerve ganglia lying underneath, with image information wirelessly transmitted to it from a video camera mounted on a pair of eyeglasses.

The first-generation implants were successfully tested on six patients, but only held 16 electrodes (4-by-4-pixel array), which enabled the crude perception of lighted areas versus darkness after about 15 seconds. The second-generation implant upped the electrode array to 60 electrodes, which enabled 34 test patients to recognize doorways and windows as well as the edges that assist in navigation, such as walls and low-lying branches, after about 3 seconds.

The goal of the third generation of the implant will be to increase the electrode array to more than 200 electrodes, which will enable the near instantaneous recognition of text for reading, pictures and all the edge cues needed to navigate the world unaided. Ultimately, the artificial retinal will contain over 1,000 electrodes, which should restore instantaneous recognition of faces and other fine details that should fully integrate patients back into everyday society.

The artificial retinas are being fabricated on silicon wafers by LLNL with the assistance of four other national laboratories, four universities and a private company, Second Sight Medical Products (Sylmar, Calif.), the latter of which will be responsible for commercializing the third-generation device, including performing all the field trials necessary to obtain full Food and Drug Administration (FDA) approval.

Also instrumental in the third-generation device will be the Doheny Eye Institute, at the University of Southern California (Los Angeles), which will provide the clinical testing of the electrode array implants, and Argonne National Laboratory (Illinois), which will use its ultrananocrystalline diamond film technology to hermetically seal the package for the prosthetic device to protect it from the salty environment inside the eyeball.

The third-generation retinal implants are fabricated 12 at a time on silicon wafers using LLNL's polymer-based micro-fabrication techniques. The entire retinal implant assembly is composed of a thin-film electrode array that contains the neural electrodes and a biocompatible package that contains the electronics for stimulating the retina, as well as a wireless receiver for powering the device and receiving the image data from the camera. LLNL is also developing a companion ocular surgical tool that will enable the easy insertion and attachment of the thin-film electrode array inside the eye.

Other project contributors include Los Alamos National Laboratory, Oak Ridge National Laboratory, Sandia National Laboratory, California Institute of Technology, North Carolina State University and the University of California at Santa Cruz

Nanoparticles Offer Hope of Successful Heart Disease Treatment

Nanoparticles Offer Hope of Successful Heart Disease Treatment By: Dave Greenfield
Heart disease kills tens of millions of Americans each year. Now nanotechnology may have just the answer to help save lives.

In 2008, UCLA researchers discovered that pollutant nanoparticles -- less than one-thousandth the size of a human hair -- can damage heart health by lowering “good” cholesterol levels. It is fitting, then, that these tiny particles can also be used to repair damaged arteries. MIT and Harvard researchers have taken work using nanoparticles in cancer treatment and are focusing on applications for heart disease.

The nanoparticles, or nanoburs, seek out damaged arterial tissue and slowly release drugs, such as paclitaxel (to keep arteries open and prevent scar tissue from forming), to the vascular walls. These drug-infused missiles target exposed basement membrane, which lines the walls of arteries.

Traditionally, stents have been used to treat damaged arteries by propping them open. Many of these are coated with drugs, again, like paclitaxel. However, recent studies have found stents to be much overused and not effective in certain areas of the body, such as near a “fork in the artery.” It is hoped that nanoburs will be used in conjunction with or in place of stents. One upside is that nanoburs can be injected via IV, so patients would not have to undergo invasive and possibly risky surgeries.

The structure and design of these nanoparticles offers other benefits. The MIT and Harvard researchers built the nanobur with a sequence of amino acids, called C11, as a coating. Inside the core is the drug, which is attached to a polymer chain. As the drug detaches from the polymer chain, it is released to the artery walls. This design allows scientists to manipulate the release of the drug.

The structure of the nanoburs has other benefits: It can reduce the risk that the nanoburs will burst and release drugs into the system in an unsafe manner; and pharmaceutical manufacturing is likely to be much easier because the polymers that are targeted attach to the shell, not the drug core. If attached to the drug-carrying core, the chemical reaction required would be much more complex and harder to manufacture.

“This is a very exciting example of nanotechnology and cell targeting in action that I hope will have broad ramifications,” says the study’s senior author, Robert Langer of MIT -- a hope shared by the 81 million Americans who suffer from cardiovascular disease.

Text donations for Haiti relief spur nonprofits to follow sui

Text donations for Haiti relief spur nonprofits to follow suit

But $10 limit could be risky, since some donors would be willing to give more
By Matt Hamblen

Nonprofit groups desperate to raise donations during the economic downturn are considering text-to-donate campaigns similar to the wildly successful American Red Cross texting effort for Haiti earthquake relief.

The Red Cross raised $32 million in a month in $10 donations for Haiti relief by urging donors to text "Haiti" to 90999 on their cell phones. The donations were collected by wireless carriers and forwarded to the relief agency. The effort raised $4 million just two days after the Jan. 12 disaster that killed more than 200,000 people.

"All the nonprofits woke up and are very keen on mobile giving after seeing the AMR rake it in," said Katrin Verclas, an analyst at in New York, a group committed to promoting mobile giving.

"Based on the inquiries we get, we're seeing enormous interest in going beyond emergency relief like Haiti to finding mobile functions to augment and supplement their other fundraising campaigns," Verclas said in an interview.

A study of six nonprofits (free with registration) that Verclas co-wrote outlines some of the strategies the groups deployed in using text donations and other solicitations. The study, called "2010 Nonprofit Text Messaging Benchmarks" by M+R Strategic Services and, noted that the AMR's mobile fundraising campaign is the largest grossing to date. It was written because of the attention that the successful Red Cross campaign has generated.

"The Haiti earthquake marked a turning point in mobile giving," the benchmark study says. "It showed that text messaging can be a far-reaching tool for immediate engagement."

Nonprofits had already begun using text messaging for fundraising, recruitment and engagement of new and existing members before the Haiti earthquake, noting that 90% of Americans own mobile phones and keep them close by. The study also says that text messaging is especially well-suited for call-in alerts, but it also has "substantial limitations," including the 160-character limit that "leaves little space to make a case for giving or taking action."

The biggest quantifiable success the study found was the percentage of people contacted by text who returned a call to a candidate for public office or other decision maker on behalf of an organization, such as an animal rights group. The response rate on such advocacy text messages was 4.7%, nearly six times the response rate for advocacy e-mails. "This rate is impressive, and indicative of the power of text messaging to generate an immediate response," the study says.

But there are limitations. It wasn't until 2007 that nonprofit groups and others could solicit donations from U.S. wireless subscribers. Even now, donations can only be made in $5 and $10 amounts because of restrictions imposed by the wireless carriers.

"The $10 donation is a far cry from the $71 average donation seen across the nonprofit sector in response to e-mail solicitations," the study notes, arguing that it is "potentially risky" to solicit gifts via text message from active donors who would give more through another channel.

The study urges using text messaging in a multi-channel fundraising strategy that includes e-mail, Web, direct mail and phone calls. For example, to get around the $10 texting limit, an organization could send a text asking subscribers to call an 800 number or reply "call," to be connected to a call center that could take a donation of any amount.

All the major U.S. carriers quickly forwarded the donations to the Red Cross for Haiti relief, and most carriers donated the cost of sending a text message, Verclas said.

Making a text donation is an easy impulse buy that can be fairly costly if each text message cost is 20 cents or higher, Verclas noted. Roughly half of subscribers have unlimited texting plans paid at a fixed monthly cost. However, the other half pay 20 cents or more per text, for as many as four text messages, or 80 cents in all, to make a single donation, since U.S. mobile carriers charge both the sender and recipient for each text message, and the donations often come with a "confirm" text sent back to the donor.

With a single donation of $10, an 80-cent texting charge would be a steep percentage of the total, Verclas noted. "Mobile giving is great for impulse giving, but you do pay for impulse giving," she noted.

Verclas has also edited an article Texting for Charitable Dollars: The Definitive Guide to Mobile Fundraising which describes the text-giving process in greater detail.

The study by and M+R Strategic Services looked at the texting practices of six groups: the American Society for the Prevention of Cruelty to Animials, Planned Parenthood Federation of America, NARAL Pro-Choice America, The Humane Society of the United States, Defenders of Wildlife and the Human Rights Campaign.

Monday, February 22, 2010

Infiltration of Kneber reveals interesting data, but what is the threat?

FAQ: The Kneber botnet revealed

Infiltration of Kneber reveals interesting data, but what is the threat?
By Tim Greene

Security vendor NetWitness recently tapped into the logs of a command-and-control server for a botnet it calls Kneber, which has infected at least 75,000 computers at 2,500 companies and government agencies worldwide. Here are some answers to frequently asked questions about the botnet.

What exactly is the Kneber botnet?

It's a botnet discovered Jan. 26, 2010, by NetWitness that compromised 74,000 computers via the ZeuS Trojan and gathered logon and password information from them. NetWitness announced its discovery Thursday.

Where did it get its name?

The name comes from the registrant for the original domain used to pull together various components of the botnet --

How old is it?

The first activity from it was March 25, 2009.

Is it out of business now?

No. After a command-and-control server for it was traced to Germany, its URL was changed, and it's running just as it was before it was discovered. The data gleaned from the server has been turned over to law enforcement agencies and major companies with employees whose computers were bots have been notified.

What damage can it do?

Individuals whose personal data was mined might suffer financial loss if criminals use the data to transfer funds out of their accounts.

What exactly is the ZeuS Trojan?

ZeuS, also called Zbot, is a very effective cybercrime tool that is routinely updated, made more sophisticated and more stealthy. It can present a different profile in each computer it infects, making it difficult to catch using signatures.

What do cybercriminals use it for?

It's often used to gather user logons and passwords, and injects its own fields into Web pages seeking more detailed information about the user's identity. But it can also steal whatever data is on a computer, can enable remote control of compromised machines and can download other malware. It also periodically uploads what it gathers to command-and-control Web servers.

How dangerous is it?

It is ranked as the most dangerous type of botnet in operation by the security firm Damballa, and 1,313 ZeuS command-and-control servers have been identified by Zeus Tracker. A ZeuS botnet was once used to steal records of people looking for jobs through

Why has it been around for so long?

The bot-creator is constantly upgraded to be less detectable and more flexible. It is encrypted and it adopts rootkit characteristics to hide in infected machines. It is sold for about $4,000 per copy, so there are many cybergangs using it to create botnets that they use for their individual illicit activity.

Is there any hope of stopping it?

Competition may help. A Trojan called SpyEye does much the same thing as ZeuS and comes with a Zeus uninstaller, so if it hits on a machine already enlisted in a ZeuS bot, it can kick out Zeus and claim machine for itself. Of course, the computer is still a bot, just with a different commander.

Tuesday, February 16, 2010

TR Dojo: Locate a stolen laptop with Prey

Microsoft yanks patch causing XP PCs to crash

Microsoft yanks patch causing XP PCs to crash

Microsoft removes troublesome patch for consumers, but not for enterprises using WSUS or SMS

By Microsoft Subnet

Hundreds of users posted messages on a Microsoft support forum complaining that Patch Tuesday's updates were crashing their XP computers. Indeed, a couple of readers wrote to Microsoft Subnet about the problem, too. Microsoft responded on Thursday by removing the offending patch from its automatic download for consumers. However it did not remove the patch from its enterprise patch management systems.

The troublesome patch was narrowed down to MS10-015. Microsoft didn't step up to take full blame for the problem -- saying that the issue could be caused by third-party software. Indeed, some independent security researchers are seconding that opinion, saying a rootkit appears to be the cause. Patrick W. Barnes, an Amarillo, Texas-based computer expert who is credted with discovering the infection, posted instructions on how to repair the atapi.sys file. (Warning: his blog appeared to be offline on Friday morning, presumably from the traffic caused by people wanting those instructions.)

Jerry Bryant, a senior manager with the Microsoft Security Response Center (MSRC), said in a blog post that the security team is still investigating. Until then, Bryant urged users to install the other patches, and to implement an automated workaround that disables the vulnerable NT Virtual DOS Mode (NTVDM) subsystem.

MS10-015 fixed a pair of 17-year-old kernel bugs in 32-bit versions of Windows. The holes became public three weeks ago when a Google engineer published proof-of-concept attack code, reports Computerworld.

While consumers won't find the patch automatically pushed to them, it has not been removed from enterprise auto-patching systems. Says Bryant," those using enterprise deployment systems such as SMS or WSUS will still see and be able to deploy these packages."

Microsoft says that XP users who are experiencing these issues can get by either going to or by calling 1-866-PCSafety (1-866-727-2338). International customers can find local support contact numbers here:

Motivational Moment

Napoleon Hill Foundation Thought For The Day

Thought for the Day

February 16, 2010


In today’s "everything is negotiable" society, we are bombarded with messages telling us that we get what we demand, not what we deserve. You may temporarily achieve success by demanding more than your due from others, but it will not long endure. "Squeaky wheels" may initially receive the most attention, but the wise wagon master eventually replaces them. It’s easy to create problems and dissension but very difficult to lead others in a spirit of cooperation and harmony. Which type of individual do you think is most valuable to the organization? The greatest rewards in life-both financial and personal-will always accrue to the peacemakers of the world.

This positive message is brought to you by the Napoleon Hill Foundation. Visit us at We encourage you to forward this to friends and family.

Friday, February 12, 2010

Motivational Moment


"Sometimes your greatest asset is simply your
ability to stay with it longer than anyone else."

— Brian Tracy: Self-help author and speaker

Thursday, February 11, 2010

A startup thinks it's got the alchemical smarts to turn trash into diesel fuel.

Trash into Diesel By: Dave Greenfield
A startup thinks it's got the alchemical smarts to turn trash into diesel fuel.

Covanta Energy is working with a $1.5 million grant from the Army Corps of Engineers that might provide a solution for growing fuel demand, as well as another problem facing the American military—trash. And it’s in the trash that Covanta is looking for an answer.

The American military is an oil-guzzling beast that is constantly hungry. In 2008, it demanded in excess of 68 million gallons of fuel each month for support forces in both Iraq and Afghanistan, and the problem is compounded by attacks that, in June 2008 alone, cost the United States more than 200,000 gallons of fuel and 44 diesel-delivery trucks.

There are no permanent bases in either Afghanistan or Iraq. Because of this, disposing of trash at remote locations is difficult and dangerous. Burn pits are not safe for those exposed to them, and incinerators are too expensive to set up for short-term use. In essence, it uses valuable fuel and manpower to remove trash, which puts both at risk.

Covanta is working on a project that would turn solid waste into fuel. The benefits:

  • Reduced fuel costs

  • Reduced health risks to those disposing of trash at nonpermanent locations

  • Reduced danger to fuel convoys and loss of fuel due to attack

Covanta would mix solid waste with heavy oil and a catalyst (which contains aluminum, silicon and sodium), heat it to 500 degrees in a unique turbine reactor, and produce liquid diesel. This recipe is dependent on the 3,000-rpm turbine, which can handle liquids, solids and vapor. Because the turbine can treat solid waste at relatively low temperatures, it can reduce the amount of fuel it takes to convert trash into diesel, and chemical reactions and toxins are less likely to be produced.

While there have been attempts made to turn trash into energy for generators, Covanta is the first company that is working on making diesel from trash, the result of which is molecularly identical to diesel, not biodiesel. Currently, there are no programs in widespread use to fuel military operations in part with alternative energies. Covanta is hoping to change that and solve two pressing problems for the price of one.

Education Apps for Smartphones

Education Apps for Smart-phones
David Andrande

We hear a lot about iPhone apps, but there are plenty of apps for Palm phones that are useful in education:

■ Dictionary
■ Thesaurus
■ Docs to Go (Word, PowerPoint, and Excel)
■ Calculators
■ Teacher and student organizers

■ Precentral: single best resource for Palm Pre and Pixi and WebOS
■ Homebrew apps for WebOS: more than 300, including conversion calculators, organizing tools, and periodic table
■ World Atlas
■ World Factbook (information about countries)
■ Classtracker (student grade and assignment tracker)
■ Scientific Calculator
■ Stopwatch/timer
■ Word of the Day: great resource for helping students learn new words and strengthen vocabulary
■ Periodic table
■ Unit Conversions

Tuesday, February 09, 2010

Inside Facebooks FarmVille's Sinister Underbelly

ShmooCon: Inside FarmVille's Sinister Underbelly

By Bill Brenner, CSO

You see it all the time on Facebook: A friend moving on up in FarmVille. Another friend trying to expand his posse in Mafia Wars. Everyone thinks of them as harmless third-party applications, free from the crooks and cooks of cyberspace.

Unfortunately, that's not the case.

The sad fact is that these applications are susceptible to malware pushers and those looking to steal your personal information. It's not much of a stretch for hackers to impersonate people you think are trusted, fellow players, as is the case with a lot of online gaming. And the more you expose yourself, the bigger the target you become.

The dangers of these games were part of a larger talk on social networking dangers at the 2010 ShmooCon security conference. Indeed, social networkers are in danger from all corners, be it from malicious Twitter bots you think is a celebrity following you or that hot model who friended you on Facebook, hoping you wouldn't notice that she's nothing more than a phishing hook.

In their talk, "Social Zombies II: Your Friends Need More Brains," security practitioners Tom Eston, Kevin Johnson and Robin Wood continued what they started in their "Social Zombies: Your Friends want to eat Your Brains" presentation at DEFCON 17.

They presented new techniques and tools used to exploit people on these social networks. They also examined how all your profile information is being used against you and eroding your privacy [related story: 6 Ways We Gave Up Our Privacy].

"Facebook has 350 million users with 12 million logging in daily. Twitter is getting 6.2 million new users a month. The target base keeps growing," said Eston, a penetration tester for a Fortune 500 financial services organization.

In one of their more colorful examples, the trio explained how actress Jessica Biel is the most dangerous woman on the Internet because of all the fake profiles of her scattered throughout the social networking landscape.

People on Twitter are easily duped into thinking Biel is following them in Twitter. The Facebook folks proudly count her among their friends, not realizing the page is really under the control of a malicious operator who wants you to click on malicious links on the page.

Then there's Blippy, a social network billed as a "fun and easy way to see and discuss the things people are buying." The presenters noted that penetration testers absolutely love this platform because of the naked insight it offers into the spending habits of specific individuals. They also shared a favorite quote making its way around the infosec community: "I joined Blippy and all I got was jacked at the ATM."

Another example is Foursquare, a social networking program that lets you keep track of where your friends are, literally. If someone in your network is in South Korea or in front of the Alamo in Texas, Foursquare will tell you so. Want to use it on your iPhone? There's an app for that. And for BlackBerries, too.

While it's becoming increasingly difficult for people to turn away from social networking, especially since it's become a critical, legitimate business tool for many professionals, there are still ways to protect yourself, the presenters noted.

For one thing, you can avoid Facebook and Twitter pages purporting to be from famous people. A good way to tell if that Twitter page is really a malicious bot is to look at its follower/following ratio. If they're being followed by 50 people but are following over a thousand, that's a pretty good indication that something stinks.

And, they noted, if you must use apps to get around certain places and find the shops you're looking for, remember that too much information can be enough for someone evil to track your specific whereabouts and come after you.

National Clean Out Your Computer Day

Why Your Computer Sucks

Thursday, February 04, 2010

Start Black History Month Off Right

Start Black History Month Off Right

by Travis from the MPMG-Technology & The Urban Community Blog

The first thing we do is start highlighting black figures that we have never heard of. Don’t get me wrong there is nothing wrong with this, but I believe that “hindsight is 20/20″. In other words, to clearly see the present you have to look at the past. Dr. Carter Woodson who we consider the father of Black History Month wrote a deeply thought provoking book that many quote the title of, but have never read, “The Mis-Education of the Negro“.

Although this text was published in 1935, it is highly relative and prophetic for today’s issues surrounding black America. Anybody who is especially interested in educational reform would do good to read this book or even buying the audio book for your iPod/iPhone/Touch/iPad or whatever you listen to these days. So this month’s lesson people is go and read The Mis-Education of the Negro and then tell me if you agree with what many are calling educational reform, empowerment, and post-racial America. Peace

Skype sheds light on 3G calling, iPad

Skype sheds light on 3G calling, iPad

By Marco Tabini

Fans of Skype's popular VoIP application will have to wait a little longer to make calls over 3G networks with their iPhones, according to a post by spokesperson Peter Parkes on the company's blog.

As previously reported, Skype seems to be the lone holdout among a number of VoIP-capable apps that gained that ability last week as a result of a reported change in Apple's iPhone SDK agreement for developers. At the time, a company spokesperson told Macworld that Skype's delay was due to it "seeking some clarifications" from Apple.

Today's blog post provides a little more information on what's holding back the release of an updated app: the company says it's working on methods to provide the highest voice quality possible by using wideband audio--a technology used in telephony that extends the frequency of sounds transmitted across a connection, thus providing clearer audio signals.

According to a video interview with David Ponsford, Product Manager for Skype's mobile team, the updated app will also include a call-quality indicator and several other enhancements designed to improve the user experience during 3G calls.

In the same blog post, Parkes also hints that there will be a version of Skype for the iPad, although no details are currently available

Motivational Moment

Thought for the Day

February 4, 2010


Why can we so easily overlook in ourselves the faults we are quick to spot in others? It is easy to be objective when it comes to criticizing our friends, family members, and business associates, but it is far more difficult to be honest about our own shortcomings. Only when we recognize that we are all human, with the same faults and failings, do we begin to develop that wonderful quality of tolerance that enables us to accept others as they are and ask nothing in return. Replacing faultfinding with "goodfinding" is never easy. But when you become one who always compliments instead of criticizes, you become the kind of friend we would all like to have.

This positive message is brought to you by the Napoleon Hill Foundation. Visit us at We encourage you to forward this to friends and family. They can sign up for this free service at our web site.

How Wi-Fi attackers are poisoning Web browsers

How Wi-Fi attackers are poisoning Web browsers

Black Hat presenter describes latest public Wi-Fi security threat
Public Wi-Fi networks such as those in coffee shops and airports present a bigger security threat than ever to computer users because attackers can intercede over wireless to "poison" users' browser caches in order to present fake Web pages or even steal data at a later time.That's according to security researcher Mike Kershaw, developer of the Kismet wireless network detector and intrusion-detection system, who spoke at the Black Hat conference.

He said it's simple for an attacker over an 802.11 wireless network to take control of a Web browser cache by hijacking a common JavaScript file, for example.

"Once you've left Starbucks, you're owned. I own your cache-control header," he said. "You're still loading the cache JavaScript when you go back to work.

"Open networks have no client protection," said Kershaw, who also uses the handle Dragorn. "Nothing stops us from spoofing the [wireless access point] and talking directly to the client," the user's Wi-Fi-enabled device.

Knowledge gained from researchers over the past year, he said, is showing that browser-cache poisoning over Wi-Fi can be kept in a persistent state unless the user knows how to effectively empty the cache.

"Once the cache is poisoned, it's going to stay there," Kershaw said. This means that an attacker can intercede to "poison the URL" of the victim so that he will see a fake Web page when they try to visit a specific Web site or try to insert a "shim" that could "ship your internal pages off to a remote server once you're in a VPN."

The few defenses Kershaw suggested were continuously manually clearing the cache, or using private-browser mode. "Who knows how to clear the browser cache in an iPhone?" he asked.

Kershaw acknowledged he doesn’t know how widely attacks based on poisoning the browser cache via 802.11 actually are. But the potential for trouble is so evident he said he'd advise corporate security professionals to try to "forbid users from taking laptops onto open networks," though he admitted, "Your users may lynch you." He said some vendors, including Verizon, are looking at solving this problem with a custom client that is tied to specific operating systems.

Tuesday, February 02, 2010

Tales from the Shark Tank

Just our way of saying thanks

Pilot fish takes a job at a big manufacturing plant -- one with big IT problems. "It was a mess," fish says. "No backups, bad networking, you name it."
So he gets to work hammering things into shape. And after two years, backups are well-organized, the network is running perfectly, and fish is pretty satisfied with his efforts. And so, apparently, are his bosses.
"I got called into HR one afternoon," fish reports. "I was told, 'We have to let you go to save money. We're going to support the plant remotely. "'But we couldn't have done this without the great work you did.'"

Monday, February 01, 2010

Motivational Monday

6 Lessons for Life


I woke up Saturday morning in Newport News, Virginia, looked out the hotel window and all I could see was snow. I called the airport and heard the news no traveler wants to hear. The airport was shut down. I was set to speak to Lia Sophia Jewelry that morning at the hotel where I was staying and that night I was scheduled to be at an event in New York City. I knew one thing in that moment. If I was going to get to NY I wouldn't be flying there. And most likely I would be stranded for a few days in Virginia. I decided to make the best of it and focus on inspiring, serving and impacting those in the audience.

As fate would have it, the President of Lia Sophia, Tory Kiam, was attending my talk and was also heading to NY. When I walked off stage I was told he arranged for a taxi to take us to Washington DC where we would take a train to NY. Sounded like a great plan, Except for the fact that to get to the train station we would have to travel 182 miles through a snow storm on icy, snow covered roads and avoid getting stuck or into an accident along the way. It was an experience I will never forget!

Here are 6 Lessons I learned along the way. I hope they will help you on your journey through life.

1. The Right Driver Means Everything - Samud, the taxi driver, was amazing. He avoided ten accidents, handled ice patches with the driving skill of NASCAR's Jimmy Johnson, and stayed calm the entire time. Leadership is everything and the right leader is the difference between cruising past or crashing into the obstacles before us. Samud never doubted that we would get through the storm to reach our destination and his skill and confidence made it possible.

2. Every Driver Needs a Great Team - There were times when Samud couldn’t see and Tory and I would guide him by looking out the sides of the van. We were his co-pilots and advised him when to slow down, when to avoid other cars, and when to speed up the windshield wipers which were accumulating ice. We couldn't have reached our destination without Samud and he couldn't have done it without us. Teamwork made all the difference.

3. Tap into the Ultimate GPS - When you are driving on sheet of snow and ice you come face to face with the reality that no matter how confident and talented you are there is a lot you can't control. So you bet I prayed a lot and tapped into the ultimate GPS, God's Positioning System, and asked God to guide us safely on our journey.

4. Drive with Optimism - Tory kept laughing at me because every hour I would say the roads would get better the closer we got to DC. The first few hours the roads got worse. But sure enough as we approached DC the roads were plowed and smooth. I didn't know if the roads really would be better but I hoped they would be better. And that hope kept our spirits up when it seemed like we would never make it. Faith in a positive future keeps you moving in the right direction and helps you reach your destination.

5. It Could be Worse - Along the way instead of focusing on our predicament I kept thinking about the people in Haiti. Our situation was a walk in the park compared to what they are going through. Keeping things in perspective helps you stay positive through your challenges and keeps you humble and grateful.

6. Showing up Matters - I arrived at the event in NY with an hour left. It was a fundraiser for the George Boiardi Foundation. George died in 2004 when a ball hit him in the chest during a lacrosse game at Cornell University. George was known for his character, persistence, heart, work ethic and his plans to join Teach America after graduation. George's life was cut short but his dream lives on through his foundation. When I arrived I met his mom. We hugged and she thanked me for making the effort to be there. I couldn't help but think that if George was in my shoes he would do the same. He showed up on and off the field every day of his short life and his legacy lives on through so many people impacted by his example. So, no matter how long the journey I want to encourage you to "show up." Whatever it takes, show up. Whether it’s by plane, train or automobile, or all three, show up.


Jon Gordon