How to Break Into a Windows PC (And Prevent it from Happening to You).
In this Lifehacker article they cover some of the most common security risks around Windows. These are all very common methods in the information security world; to the folks reading my post, probably not so common.
Windows is susceptible to attack more than any other environment, not so much because of the flaws in the design (though there are plenty of those) but rather because there is such a large installed base and such a rich knowledge domain on the subject. In fact, research shows that most of the most common exploits used in computer-related information theft were developed around the attacks used on Windows.
So this article is more about helping you protect your information, especially the information that would make you susceptible to identity theft.
Simply put, if you use Windows (or any other environment for that matter), consider using a couple of tools. Both are free, and both will help with the 80/20 rule:
Keepass: www.keepass.info – This is a great tool for keeping all of your personal information. It stores your information in the format of ‘index cards’, and the file uses any of a number of strong encryption algorithms (I prefer AES). And if you use a unique strong password, there is virtually no way anyone can get to the information.
There are a lot of eWallet type tools out there, but I really like this one because it’s free (free is good, we like free) and it’s open source. In fact, I keep all of my personal information in Keepass on a USB stick on my key chain, and I have no problem advertising that fact; I’m that confident of its security.
Truecrypt: www.truecrypt.org – This is another tool that is always within hand’s reach for me. Again, it’s free and open source, so there are no ‘magic’ back doors. This tool isn’t a Rolodex so much as it’s a virtual drive that is encrypted. The tool will create a virtual disk in the form of a file (that you can copy to a USB stick) using a strong encryption method. You use it like any other drive on your system, except that when you copy or move files to it, the files are encrypted and nobody can access them without the passphrase.
Combine this with Keepass and two different passwords (one for each), and you’ll have secured your personal information to a level that the best crypto hacks can’t reach, and I don’t mean figuratively either.
So there you go, you just got the benefit of three years of graduate school, two advanced degrees in information security and tens of thousands of dollars of tuition for the price of reading this blog post. Go forth and be secure.
The price of freedom is eternal vigilance.
Why I Suck at Delegating (and You Might, Too).
I started reading this article this morning as I was planning my activities for the day. Delegating is a huge issue for me, in part for some of the reasons Kent states in the article, but also in part because I have prided myself on being ‘a working manager.’ I don’t ask my staff or others to do anything that I haven’t done, wouldn’t do, or couldn’t do myself.
The problem with that notion is that, as a simple practical matter, we can’t, despite our best intentions, do everything. I know that it seems self-evident, but for me it continues to be a challenging idea in practice.
And it’s not because I’m a doer either; my wife and father-in-law are both doers, they can’t sit still. I think in part I fear asking for help, and thus appearing to be weak and needy.
Clearly I am neither, but fear is an interesting thing, and if we aren’t careful about it, we can be manipulated by others as a result. Kevin Mitnick made a career out of it through ‘social engineering’; his book, The Art of Deception, an excellent read, is a seminal work on the subject.
Anyway, delegating to get things done is a practice that I continue to work on and hopefully someday will master.
Read the article; don’t delegate it to someone else to read.
If You Want to Know How to Engage in the Social Conversation… Then Converse!
I just finished a meeting where we were discussing the topic of how best to use Facebook to reach the constituency of an organization. I immediately went into a spiel about needing to do a presentation on how non-profits use social media to extend their reach, blah, blah, blah… I hate it when I do that. I sound like those corporate marketing hacks.
Anyway, someone at the table said something really profound (thanks Matt), resulting in me having one of those V8 moments. He said "we don't need more information, we need people. The problem isn't going to be solved just because we understand the tool. SOMEONE must use the tool."
It hit me right while I was prattling on about the subject that what I should have said, and eventually did say, is "it's not about the tools or having a 'person' to use the tool, it's about the conversation and always has been."
I was so wrapped up in the use of the technology that I neglected to mention that the most important part of social media is THE SOCIAL CONVERSATION. I posted a comment a couple of days ago on the topic of not 'reading yourself in' to social media; you just have to dive in and use it (http://pulsene.ws/bRvF).
My point here is about gaining trust through joining the conversation and being in the middle of it. If we want to extend our reach, touch the lives of people and have them want to read what we're saying, we first have to say it. Contribute to the conversation, and natural selection will determine if others read it.
And even if they don't want to read what you have to say, then at least you've said it. Come on in, the water's warm, and there are plenty of people out there that share similar thoughts and feelings as you, but you'll never know it unless you just get out there, be authentic, transparent, don't sell, and simply say what you have to say. You'd be surprised. I know I was.
Many people want to be a writer.
I would say don't try to be a writer.
Write.
Come Over To the Dark Side – Lifehacker.com Evil (One Week Only)
I love Lifehacker.com, and have followed their site ever since I read “Getting Things Done” by David Allen. Lifehacker comes from the same people that bring us Gizmodo. Lifehacker focuses on the simple things that help tweak our lives to help things go a bit more productively (hacks in computer terms).
I follow their posts regularly and find the tips very worthwhile, e.g. How to improve your presentation skills, or the reasons why we procrastinate.
It was odd, though, when I started seeing a series of posts yesterday that, though informative, seemed… well, out of place. The first one was “How to crack an encrypted wi-fi network,” followed by “How to manipulate people.”
Then I went over to the site to look at their landing page (I usually read their stories on a news reader so I occasionally miss a post). And this week is “Evil Week” in tribute to Halloween this Sunday.
The interesting part of the idea of Evil Week is that many of the ideas in the posts are the exact reasons I got into the information security and assurance business.
I’d encourage you to go over to their site and take a look, not to find out how to defraud others, but rather to recognize it for yourself and help to prevent it from happening to you. Who knows, you might even learn how to thumb your nose at Steve Jobs and build your own “Hackintosh.”
FailCon Celebrates Failures
On the surface this seems like one of the most bizarre events in the business sector. But Tom Peters wrote in The Little Big Things about celebrating failure and not chastising it, when failure results from attempts at innovation and not apathy. Someone once told me early in my career to 'hurry up and get your failures out of the way, because that's the only way you're going to make progress.'
We learn from our mistakes; a trite comment, but true nonetheless. More often than not, success stems from perseverance in the face of failure.
So I ask this question of all of you: what would you do if you KNEW you would not fail?
FailCon Fails to Fail, Returns for 2010 http://pulsene.ws/bOoc