Leading a Tribe: Seth Godin’s 2010 Business of Software Conference Presentation
Posted on by Zuly GonzalezCategories Business of Software, Events, StartupsLeave a comment on Leading a Tribe: Seth Godin’s 2010 Business of Software Conference Presentation

This post is part of a series of posts from the 2010 Business of Software conference (BoS2010). For a summary of the conference, and an index to the other presentations, click here.

Seth’s 2010 Business of Software presentation: “Are you afraid to truly make an impact? The opportunity for linchpin organizations and the people who run them.”

Being a great programmer is no longer sufficient to succeed. Creating a piece of software that works is no longer an indicator of success. Times have changed. And in a world where we are bombarded with brands and products, we must create a unique experience to succeed.

Seth Godin at Business of Software (BoS2010)
Image credit: Mark Littlewood

Today, everyone and their mother can whip up a working software program. Competence is no longer a scarce commodity.

Because the cost of producing and marketing a software product is closely approaching $0, it is becoming an increasingly crowded market, full of competition. It is now harder than ever to stand out from the crowd. As a result, success in the software industry is now dependent on your ability to create a tribe – a movement, a place of belonging, a community – and lead it.

Creating a Tribe and Leading It

People want to belong to a tribe – it’s human nature. People are also waiting to be led, and it’s your job to lead them. But how, you ask? You must be creative, but most importantly, you must tap into their emotions. Make them feel something – joy, compassion, anger, outrage, importance, etc. Make them feel like they are part of something bigger, something lasting, something good.

Seth gave several examples during his talk, but there was one example I felt a deeper connection to. Seth explained how one man from the SPCA was able to lead a movement to make the city of San Francisco a no-kill city. He later went on to accomplish the same thing in other U.S. cities, with no money and no recognition. How did he accomplish such a feat? Because this was about more than just one man, and because it touched the hearts of people like you and me. This was about improving the lives of many.

Your mission, should you choose to accept it, is to create a movement, and lead it! But software that’s boring will never turn to a movement. When considering a product’s viability, Seth says there are four things you should ask yourself:

  • Who do I need to reach? And how can I reach them?
  • Will they talk about my product to others?
  • Do I have permission to continue talking to them after I’ve reached them?
  • Will they pay for my product?

 

Seth Godin at the 2010 Business of Software conference (BoS2010)
Image credit: ©John M. P. Knox

The Network Effect

In the old days, using software was a lonely experience. Today, software is used by millions to connect with each other. Question number 2 above, is central to making the network effect work for you. If you create value and provide a unique experience for your users, they will market your product for you.

When considering a software’s network effect, ask yourself:

  • Is my product creating a demonstrable value?
  • Is it easy and obvious for someone to recruit someone else?
  • Is my product open enough to be easy to use, but closed enough to avoid becoming a commodity?

Key Takeaway From Seth Godin’s Presentation

The best way to sum up Seth’s Business of Software presentation is to use his own words: “Software won’t succeed because it was written by a brilliant programmer. It will succeed because of the business brilliance behind it.”

Memorable Quotes

Some memorable quotes from Seth’s BoS2010 presentation:

  • “The reason to fit in is to be ignored.”
  • “Software that’s boring will never turn to a movement.”
  • “People are waiting to be led.”

Seth summarized his BoS2010 presentation on his blog. You can find it here.

More on Seth Godin

Seth Godin is a renowned speaker and bestselling author of 10 books that have been translated into 20 languages, and have transformed the way people think out marketing, change and work. He is responsible for many words in the marketer’s vocabulary including permission marketing, ideaviruses, purple cow, the dip and sneezers. His latest book, Tribes, is about leadership and how anyone can become a leader, creating movements that matter.

You can find Seth’s marketing blog here.

Follow Seth on Twitter here.

View Seth’s 2008 Business of Software presentation: ” Too important to be left to the marketing department”

What are your thoughts on Seth’s presentation? If you attended BoS2010, did I miss an important point? What was your favorite part of Seth’s presentation? What was your key takeaway from his talk?

The 2010 Hacker Challenge
Posted on by Zuly GonzalezCategories Events, Security1 Comment on The 2010 Hacker Challenge

October is national Cyber Security awareness month, and what better way to promote it than with the 2010 Hacker Challenge.

The 2010 Hacker Challenge Logo

The Hacker Challenge is a competition in which Department of Defense Sailors, Soldiers, Marines, Airmen and civilian government employees try their hands at solving computer and network security problems. It’s a free and open competition designed for beginner to intermediate level security professionals and enthusiasts, and is designed to engage military and civilian members in a fun and educational way.

It started three years ago as a way to address training deficiencies in some of the military’s mandatory computer security training courses.

Hacker Challenge 2010 Details

The 2010 Hacker Challenge begins on October 27, 2010, and ends November 10, 2010.  During this two week period, participants will work at their own pace to solve the challenges. If you’re interested in participating in the 2010 Hacker Challenge, you must sign up before October 25, 2010.

Teams of up to 6 members are allowed, including one person teams.

The Hacker Challenge is comprised of two parts – a written portion and a hands-on portion. The written portion involves a series of questions that will test a participant’s knowledge of technology and security topics. The hands-on portion will test the participant’s security knowledge through the use of tools during practical exercises. Some challenges will be easier than others. For a few examples see the sample Hacker Challenge questions below.

This is a friendly competition, and does not involve the use of any malicious software. There are also strict rules on cheating, and what is considered cheating. Any team caught cheating will be disqualified, and it will be publicized on the Hacker Challenge blog.

Sample Hacker Challenge Questions

Below are a few of the questions you might find in the Hacker Challenge competition. These questions were taken from the 2009 Hacker Challenge. Remember this contest is for beginner to intermediate level security enthusiasts.

1) Download and crack the passwords found at this link.

2) You perform a banner grab against a customer’s web server and get the following response. What does it mean?

GET / JUNK/1.0
HTTP/1.1 200 OK
Date: Sun, 15 Jun 2003 17:17:47 GMT
Server: Apache/1.3.23
Last-Modified: Thu, 27 Feb 2003 03:48:19 GMT
ETag: "32417-c4-3e5d8a83"
Accept-Ranges: bytes
Content-Length: 196
Connection: close
Content-Type: text/html

3) Download the packet capture in the below link and look at the device with the MAC address of 00:12:0E:6F:B4:4B. What is this device, and what do you think it’s doing during the time period traffic was captured?

4) Watch Hak5 episodes 1 and 3 from season 4 and pay attention to the sections dealing with the “WiFi Pineapple.” Discuss how the WiFi Pineapple is able to masquerade as a “trusted” AP and suggest at least one way that a user can tell this type of attack is occurring.

5) Dig through the below captured packet and state the following things: (a) What browser is being employed? (b) What application on the browser will be used? (c) What OS is being used? (d) What device did this packet come from?

0000    00 04  5a f2  25 d8  00 12  0e  6f b4  4b  08  00   45  00
0010    00 de  a2 ab  40 00  40 06  b5  3d ac  14  14  05   4a  dc
0020    d7 3b  05 f9  00 50  c5 5f  13  be 38  8e  eb  66   50  18
0030    0b 68  c9 47  00 00  47 45  54  20 2f  63  68  75   6d  62
0040    79 5f  76 69  64 65  6f 73  2f  62 61  6c  6c  73   2e  66
0050    6c 76  20 48  54 54  50 2f  31  2e 31  0d  0a  48   6f  73
0060    74 3a  20 72  62 65  6c 6f  74  74 65  2e  6e  65   74  0d
0070    0a 41  63 63  65 70  74 3a  20  2a 2f  2a  0d  0a   55  73
0080    65 72  2d 41  67 65  6e 74  3a  20 4d  6f  7a  69   6c  6c
0090    61 2f  35 2e  30 20  28 63  6f  6d 70  61  74  69   62  6c
00a0    65 3b  20 55  3b 20  43 68  75  6d 62  79  3b  20   4c  69
00b0    6e 75  78 29  20 46  6c 61  73  68 20  4c  69  74   65  20
00c0    33 2e  30 2e  34 0d  0a 50  72  61 67  6d  61  3a   20  43
00d0    68 75  6d 62  79 0d  0a 43  6f  6e 6e  65  63  74   69  6f
00e0    6e 3a  20 63  6c 6f  73 65  0d  0a 0d  0a

For more information on Hacker Challenge 2010, visit the official website.

Coming Soon: The Advanced Hacker Challenge

If you are a security professional in the advanced category, don’t lose hope. In late 2011 an advanced Hacker Challenge will be introduced, and it will be completely different from the basic/intermediate version. The new advanced version will be almost completely hands-on. The advanced version write-ups will require a deeper understanding of security concepts, and the targets will be a bit of a challenge. And FYI, some of the advanced challenges will require participants to sign a “release of liability” form.

State of the Startup
Posted on by Beau AdkinsCategories Light Point Security Update, Startups1 Comment on State of the Startup

A long staircaseI decided it would be a good idea to occasionally post a status update of our startup on our blog. I plan on listing which of the many steps involved in launching a startup we have completed, and some tips on the ones that warrant it.

My reasons are two-fold. The first reason is that I hope once our product launches and it is a huge success and I am super rich and spend my days racing yachts, someone who wants to launch their own startup can use these as a step-by-step roadmap on what to do. The second reason is that I think it will be good for me to take the time to think about all the things we’ve accomplished since the last update. This may be a moral booster if I see that we have done a lot, or help me realize we are slacking if we have not.

What Have We Done?

  • Idea. The first thing was an idea about how I can provide web security better than everyone else. This idea has not been released publicly, so there isn’t much more I can say about that right now.
  • Research. The next thing I did was research on how I could implement it, and to decide if it was feasible that I could turn it into a profitable business.
  • Development Setup. I needed a development environment before I could create anything. I bought a computer and installed a subversion server for version control and TRAC for issue management. If you are developing any serious software, you NEED version control and issue management software. It is well worth the time.
  • Prototype. The next thing I did was to start building a working prototype, or a proof of concept. This took quite a while, in which time I was also working other items in this list.
  • Business Planning. First I knew that I would not have time to build the product, and run the business. I enlisted Zuly, my then girlfriend – now fiancee, to fill this role. Neither of us had run a business before, but we knew we could figure it out. We came up with a name for the business, snatched up the URL, made a business plan, etc. As I worked on the product, Zuly learned how to do the business side stuff (accounting, legal, etc).
  • Evaluation. At this point I had a working prototype, but when I finally looked at the stats, I realized the product would not be able to scale. This prototype had taken most of a year to get where it was, and then I found out it wouldn’t work. I thought it was all over at this point. But I refused to give up. I did more research to find a more efficient technology, and found one. I decided to swap out the old inefficient technology for the new hotness.
  • Persist. This new technology was another open source library that did the same thing as the old version, but it did so, much more efficiently. However, the way this library was written was nowhere near how I needed it to work. I spent months tinkering and reading through hundreds of files of source code to try and fix it. Every time I fixed an issue, I discovered 2 more that had to be fixed. After an entire year of this, I had my proof of concept functioning as it did before the technology swap, but now it was an order of magnitude more efficient.
  • Improvement. I added more and more features, eventually turning it into more of a product than a proof-of-concept.
  • More Research. As I implemented features, I tried to keep thinking a few moves ahead. I had a plan on what I would do next, and what after that. So in my down time, I would do some reading to make sure my plans on how to do those next steps would actually work, or if there was a better way.
  • Business Setup. At this point, we decided it was a good bet that we can make this work. We each took some of our own money, officially registered the business, and set up a bank account.
  • Website. We transferred ownership of the business domain name to the business, and bought hosting to set up this web page. We got something decent setup, and gradually improved it over time. We are still doing this.
  • Networking. We started blogging, using Facebook, Twitter, and others to start making a name for ourselves online. This is a never ending step.

What’s Next?

  • Branding. We have a name for the product, but we need to grab its domain name before we make it public.
  • Deployment and Beta-testing. We are now to the point where we need to start buying server capacity so other people can play with the product and give us feedback. We will use this feedback to make improvements until we feel the product is refined enough to begin charging for it.

Have I forgotten anything? If you see something missing that I should have done by now, please let me know. Or if you have any questions/suggestions, don’t hesitate to comment.

State of the Startup
The Facebook Will Start Charging Scam
Posted on by Zuly GonzalezCategories Web SecurityLeave a comment on The Facebook Will Start Charging Scam

With over 400 million users, Facebook is a constant target of online criminals and scam artists. The “Facebook will start charging” scam has been around since last year, yet people are still falling for it. Even worse, there’s been an increase in these types of scams over the last couple of months.

How the Facebook Will Start Charging Scam Works

Online criminals create Facebook pages claiming that Facebook will begin charging some monthly fee. For example, the page “I won’t pay $3.99 to use Facebook starting in July” is a scam. And the page “I will not pay to use Facebook as of Sept 7th 2010” is also a scam.

In fact, Facebook spokesman Larry Yu stated, “We have absolutely no plans to charge for the basic service of using Facebook.”

Facebook Will Start Charging Scam Page

There are many variations on this theme, and they’re all scams. I searched on Facebook for “Facebook pay” and got 287 page results (see below). And every single one of these pages is a scam! The top result had 7661 fans.

Just out of curiosity, I searched for “Facebook pay” again the following day and noticed that the pages are growing. The top result went from 7661 fans to 7844 fans and the second result went from 6877 fans to 6899 fans. So it looks like things are going in the wrong direction.

Facebook Will Start Charging Scam Search Results Facebook Will Start Charging Scam Search Results

Online scammers create Facebook pages (and groups) in an attempt to trick people into divulging their personal information, downloading malicious content, or inviting their friends to join the page. In the case of the “Facebook will start charging” scam, it seems the most common method is to get people to invite their friends to the page in an attempt to amass a large number of fans they can then sell to unsuspecting businesses.

Just take a look at the information on the “I will not pay to use Facebook as of Sept 7th 2010” page:

I Will Not Pay for Facebook Scam Page Description

And if you look at the information on some of the other Facebook Pay pages, you will notice that they don’t ask you for any personal information, or ask you to download something, or ask you to go to another website. The main thing these pages are asking people to do is to invite all of their friends. But that doesn’t mean there aren’t malicious links showing up on these pages, so be careful, and don’t click on any links in these pages.

So now that you know the truth, don’t join any Facebook pages claiming that Facebook will start charging.

How to Protect Yourself on Facebook

For the most part, these Facebook Pay pages weren’t setup to steal your personal information – although I didn’t look at every single page. And even if they were setup for that purpose, you usually have to take some action for this to occur.

But joining not only encourages criminals to keep coming up with these scams, it also puts your friends at risk. How? Well, as soon as you join, it’s displayed on your friends’ news feeds. A friend could see it and then join the group.

So, other than the obvious don’t join advice, here are a few other tips to help keep you and your friends secure while on Facebook:

  • If you see your friends joining these Facebook Pay pages, warn them about the scam and tell them to remove themselves from the page.
  • Spread the word. Scammers take advantage of the fact that people aren’t aware of these scams to do their dirty work. If people are informed of the risks, then it becomes a lot harder to get away with it. So tell your Facebook friends, and send them a link to this post, or any other post on the topic.
  • Be suspicious of any Facebook page that makes it easy for you to invite your friends, asks you to download something, or asks for your personal information in return for something else.
  • Always check the page’s wall before joining. There are legitimate reasons why you may be asked to download and install something from Facebook pages. However, there are also plenty of malicious programs out there. The legitimate stuff will, for the most part, work as advertised. On the other hand, the malicious stuff usually won’t work at all. So if you go to the page’s wall and see a lot of people complaining about the fact that it doesn’t work, stay away! Odds are it’s malware. And I’m not talking about a couple of bad reviews, because even the legitimate programs will get bad reviews every now and then. But if you see mostly complaints, then it’s likely to be malware. And even if it’s not, why waste your time, it obviously doesn’t work!
  • Join the Facebook Security page to get the latest security updates from Facebook, or visit Facebook’s Safety Center.
  • Read and follow the 5 most important steps for internet security to protect your computer from online criminals.

Have you come across this scam? Have you come across any other Facebook scams lately? What other ways of staying safe on Facebook do you recommend?

 

As Strong As Your Weakest Link
Posted on by Beau AdkinsCategories Web SecurityLeave a comment on As Strong As Your Weakest Link

The weakest linkWhen trying to evaluate your own security, remember the old addage: “A chain is only as strong as its weakest link.” Here is story of some recent experiences I had which reinforced this for me.

About a month ago, I started seeing all kinds of articles online related to a massive amount of websites being hacked. Most of these hacks were WordPress sites hosted with a large hosting company such as GoDaddy. This site is WordPress hosted by GoDaddy, so when I saw this, I was very interested.

I read the articles to find out how to know if your site had fallen victim to this. The main goal of this attack was to place a bit of php code into every WordPress file on your server. When WordPress would serve up a page, this code would be executed. The result would be a redirect placed in each page that a user of your site would see. This would redirect the user to a malicious website which would attempt to exploit your site’s visitors.

I immediately checked the content of my site and was relieved to find that my site appeared unhacked. But I was not out of the woods yet. No one yet had figured out how the hack was able to infiltrate all these systems. Many people were blaming it on a flaw in WordPress. Others were blaming it on a flaw with GoDaddy’s hosting. Until I figured out where the flaw was, I was still at risk.

This hack was showing up on web platforms other than WordPress. This makes it seem like it couldn’t be a problem with WordPress that was allowing this to happen. But, it was also happening on hosting providers other than GoDaddy. On top of that, if it were a flaw in WordPress or GoDaddy, this hack would be capable of showing up on many more high-traffic pages. You would think that a hacker armed with an unknown exploit with such power would hit the biggest targets available, instead of just a few tiny blogs.

GoDaddy was blaming it on people using out of date WordPress installations. However, I read many articles reporting about people who got hacked, rebuilt their sites with the newest version of everything, and then immediately being hacked again.

The root cause of this hack still hasn’t been figured out as far as I know. I have read that a large number of the affected sites had some weak passwords. At this point, I believe this to be it, but there is no way for me to know for sure. I use very strong passwords. Maybe this is what saved me. Or maybe the hackers just hadn’t found this site.

The moral of the story is to remember you are only as secure as your weakest link. You can build a house out of solid steel with a vault door and barred windows, but if you leave a spare key under your doormat, how much more secure are you? WordPress and GoDaddy can be completely secure, but a guessable password makes it irrelevant.

Latest Twitter Email Phishing Scam
Posted on by Zuly GonzalezCategories Web SecurityLeave a comment on Latest Twitter Email Phishing Scam

The latest phishing scam targeting Twitter users is in the form of an email message claiming to be from Twitter Support. The subject line of the fake email message starts off with the word Twit and is followed by a set of numbers. These numbers will vary from email to email. The email message claims that you have some number of “unreaded” or delayed messages from Twitter, and provides a link to supposedly check your “unreaded” messages. How nice of them! But instead the link takes you to a malicious phishing website.

There are actually two links in the fake email message, both linking back to malicious phishing websites. Don’t click on either of them! Here’s what the email looks like:

Twitter unreaded email phishing scam

According to Twitter Safety, Twitter Support doesn’t send emails about unread messages.

Twitter safety email phishing scam alert

What Can You Do?

Here are 7 things you can do to protect yourself, and avoid becoming a victim of email phishing scams.

  • If you receive an email message claiming to be from Twitter or Twitter Support with the subject line Twit [set of two numbers here], do not open it and delete it right away.
  • If you receive an email with bad English or misspellings, most likely it’s a scam. For example using the word unreaded instead of unread. Don’t click on any links in the email or download any attachments.
  • Don’t click on links in email messages. Always go to the site directly and log in to your account to check it out.
  • If you must click on a link in an email, for example it’s not a check your account status type of email, hover over the link and look at what the status bar tells you. If the URL shown in the status bar isn’t for the website you’re expecting to go to, don’t click on the link. In the case of this recent Twitter scam, the URL in the status bar doesn’t link to twitter.com. Instead it links to dev.somedomainname.com.

Twitter email phishing scam domain name on status bar

  • Note that the only domain name used by Twitter is twitter.com. Any URL that doesn’t start with http://twitter.com/ is not an official Twitter page. That’s not to say it’s a malicious site, it’s just not an official Twitter page, so use caution when going to these sites.
  • If you have a Twitter account, follow Twitter Safety or Twitter Spam to get the latest news about known Twitter scams.
  • Read and follow the 5 most important steps for internet security to protect your computer from these cyber crimes.

Image credits: Fake Twitter email, Twitter Safety tweets

Why You Are Not “Good Enough” to Avoid Malware
Posted on by Beau AdkinsCategories Web SecurityLeave a comment on Why You Are Not “Good Enough” to Avoid Malware

Compiling CodeIn my line of work, most of my colleagues are very technically savvy. Sometimes I will ask them about their views on different computer security products. More often than I would expect, I receive this response: “Oh, I think that is really important, but I don’t need it because I know what I’m doing.” When I press more on what it is they are doing that makes them immune, here are some of the possible responses, and my thoughts on each.

I’m careful where I click

Hmm, thats good. How are they careful. Maybe they don’t go to any site they haven’t heard of? So googling something, and clicking that perfect result is out of bounds for this person? Never clicking any link that has been run through a URL shortener like is so common on twitter? Staying away from sites that show ads? Never going to a site which doesn’t have perfect server security? If they did all these things then they really aren’t browsing at all. ANY site can be bad.  There are just too many ways that even the most trustworthy site can be turned malicious –  I will save that for another post.

I don’t use Windows

First off, I love Windows. It is my OS of choice, but it saddens me to say that this tactic does help. But why? Because Windows sucks? Not really, it is just a matter of targeting. When a hacker writes an exploit, he wants it to work on as many people as possible. Since most of the world uses Windows, he writes his exploit for Windows. It doesn’t mean he couldn’t have written it for any other OS, and there are times when hackers do write the exploits for the other OS’s. So while using a different OS will get you by most of the malware on the web, you are still counting on luck.

I’ve never gotten a virus before…

This one is classic on so many levels. So you’ve never been infected with malware before, therefore you must be immune… Hmmm, ok, lets assume that to be true, even though a child could tell you that it’s NOT. If you never use anti-malware products, and you have never been infected by anything, that tells me that you have never been infected by a poorly-written, or relatively harmless piece of malware. Those are the ones that you would be aware of if you were infected. A relatively harmless piece of malware would have a juvenile purpose: changing your desktop wallpaper, or showing you popups for porn sites. Not so bad. If the malware were more sinister, they want to make sure you don’t know they are there. They want to steal things from you without your knowledge. But if they are poorly written, they can crash your computer or other applications. But if it’s a well-written sinister piece of malware, that’s bad. You will not know it is there just by using your computer normally. Software specifically designed to find this stuff is the only way to know if it is there. You know, like anti-virus products.

Don’t fall into the trap in thinking you are just too smart to get infected online. It is a dangerous place out there, and it’s actually getting worse. In the old days, hackers wrote malware just to mess with people. Now they make money off of it. They are smart, and persistent. Do everything that you can to protect yourself. Here is a good starting point.

Spammers Create Fake Facebook Profiles
Posted on by Zuly GonzalezCategories Web SecurityLeave a comment on Spammers Create Fake Facebook Profiles

Have you received a friend request on Facebook from a hot girl you don’t recognize? You say what the heck, I don’t know her, but she’s hot, so yeah I’ll be your friend. Bad move! Take a look at the profile below, see anything strange?

Fake Facebook User Profile Maybe you received a friend request from someone you don’t recognize with a lot of mutual friends. So you accept the request thinking, well I probably met this person at some point. Wrong again.

Facebook spammers are now creating fake user profiles to amass a large number of “friends” they can then sell to unsuspecting businesses. These businesses may have seen an ad similar to this one:

Spammer Advertising

Soon after you accept requests from these fake users, you start getting invitations to join Facebook fan pages. This is how spammers create artificial word of mouth marketing.

Worse yet, now these spammers have access to personal information you’ve marked as viewable by friends only. This includes two very important pieces of information, your birthdate and location. This can possibly lead to identity theft!

What Can You Do?

  • Avoid friending anyone you don’t recognize. Hot girls aren’t the only threat, it could be a hot guy, or a normal looking person.
  • Ask a real friend. If you get a friend request from someone with mutual friends, send your real friends a message and ask them about this person you don’t recognize. If several of your real friends tell you they don’t actually know this person, stay away!
  • Look through your current friend list. Remove anyone you don’t recognize, especially if they’re constantly inviting you to join Facebook pages.
  • Spread the word. Spammers get away with this because most people aren’t aware of these threats. So tell your friends.

Have you seen any other suspicious Facebook activity? Let us know.

Beware, Facebook Password Email Scam
Posted on by Zuly GonzalezCategories Web SecurityLeave a comment on Beware, Facebook Password Email Scam

There is yet another Facebook email scam going around. This time victims receive an email with the subject line “Facebook Password Reset Confirmation! Customer Support”. The email instructs the victim to click on an attachment in order to retrieve the password. The attachment is really a password stealer, and once installed it can potentially access any username and password combination utilized on that computer – not just for the user’s Facebook account. Here is an example of what the Facebook password reset scam email looks like.

Facebook Password Reset Email Scam Example

Facebook never sends emails alerting a user that they changed his or her password. If you receive this email, delete it right away and do not click on the attachment. To protect your computer from this type of cybercrime, follow The 5 Most Important Steps for Internet Security. Also, visit the Facebook Security page for tips on protecting yourself from scams on Facebook.

To get more details on this Facebook email scam, read the McAfee Labs Blog.

The 5 Most Important Steps for Internet Security
Posted on by Beau AdkinsCategories Web Security4 Comments on The 5 Most Important Steps for Internet Security

A closed lockThere are a lot of simple things you can do to keep yourself safe online. Here are the 5 most important things you can do today to maximize your web security. Most of these tips are simple enough for even the most novice user. Also, some of these tips assume you are using windows.

  1. Set a unique password for your administrator account – Some Windows flavors come with a built-in administator account with no password. This is the easiest way to allow a hacker to hijack your computer. You need to set it to something, and it needs to be something hard to guess (more about picking passwords later). To set it, go to Start -> Control Panel. Then click on the Administrative Tools icon. Once in there, there is a Computer Management icon. On the tree view on the left, you should see an entry for “Users”. Clicking on this should give you a view on the right of all the accounts. You can use these to enable or disable accounts, and change the passwords. If you are using Vista or Windows 7, this default admin account is turned off by default, so you shouldn’t have to worry about it.
  2. Use strong passwords – Setting your password is a waste of time if it can be guessed. What should you not use as a password? Anything that your closest friend could ever, EVER, guess. So don’t use your name, birthday, relative’s name, etc. Don’t use “password”, “123”, etc. Don’t make your password something you would find in a dictionary. What should you use? Use at least 8 characters total. Use something unguessable. Use upper and lowercase. Use numbers. Use symbols. Here is an example of a very strong password. “R8b#5kB2*”. This would take decades at best for a hacker to guess. At least it would have if I hadn’t written it here. Assume this one as guessable now. So this is a strong password. But it is very difficult to remember. To make a password that is almost as strong, but easier to remember, try making up words, mix up the case, and add a number or 2. Like this one “Flard9Glorb2”. This is just about as unguessable as the previous one. Except this one is pronouncable, which means you can remember it. Use a strong password important accounts you have (especially for logging on to your computer).
  3. Install an antivirus product – Everyone should have some sort of antivirus installed. More importantly, it should be up-to-date. This usually costs around $40 for a year or 2, but it is worth it. There are some free antivirus tools out there, but I have never used them, so I can’t offer any opinion on them. Some internet service providers offer free subscriptions to antivirus for its users. Even if you can’t get antivirus for free, you still need to get it. $40 is not a lot of money to help keep your personal info safe.
  4. Install (and configure) a software firewall – A lot of the antivirus suites come with a firewall. If your’s didn’t, find another one. There are a ton online, and I haven’t used enough of them to offer a recommendation of one over the others. But once you get one, make sure it is set up to monitor both incoming and outgoing traffic. Most of them only offer incoming protection by default, but if you are behind a router, this is basically useless. Once you turn on outgoing monitoring, you will start seeing notifications popping up asking your permission to allow a program to access the internet. Once you have allowed or disallowed all the programs on your computer which are trying to use the internet, you shouldn’t see any more popups, except when new (possibly bad) software is installed. Why should you care about a firewall? Assume a bad piece of software gets installed on your machine, and your antivirus doesn’t catch it. If it tries to send your personal info out to the internet, or contact its creator to get tasking, hopefully the firewall will stop it, and render it impotent.
  5. Turn on auto-updates – Both your operating system and your browser should have auto-updating capabilities. This means when a new version is released, you get it automatically, instead of having to go look for it. The most common reason for a new version of software is a patched vulnerability. If you continue using a piece of software with an unpatched vulnerability, you are at a very high risk of having your computer exploited.

Completing these 5 simple tasks shouldn’t take more than an afternoon, and will put you miles ahead of most everyone else on the internet. Hackers usually pick the low hanging fruit. It is quicker, easier, and sadly most of the “fruit” out there is hangs pretty low.

Now, don’t leave this article thinking you are invincible online. There are still some very sophisticated hackers out there. Consider these steps as a good starting point, because if you haven’t done all of these, doing the more advanced things is a waste of time.

Categories
Archives