Your company’s juiciest LinkedIn targets

People who’ve moved onward and upward within the company, bridging multiple departments, are great attack targets because they probably have more permissions than someone who’s stayed in a single role.

In non-security speak, let’s talk about someone who moves from Accounting to HR. The right way to handle it is to grant access to all of the HR data and systems, and cut off all of the person’s access to accounting data and systems.

In practice, that rarely happens. In previous roles, I’ve often ended up with access to more than one group of systems after being moved around, so I’ve not only seen it, I’ve experienced it firsthand.

The bad guys know this. So they’re going to scour LinkedIn for people who have multiple entries on their profiles for the same company, knowing they probably still have a foot in both worlds. People like that are going to get more phishing e-mails than average, because they have access to twice as much stuff. That means if an attacker manages to get onto their system, the attacker will have access to twice as much stuff.

This gets overlooked a lot, but HR and security need to have a very good working relationship to keep these kinds of situations from happening. Employees who stay with an organization and move onward and upward within it are very rare these days, and those employees deserve every bit of the extra protection they need.

Career advisers say to make sure you show all of your upward movement within the same company on your resume and on your LinkedIn profile. I know not everyone does this, but jobs are difficult enough to get that we have to assume people are looking for that edge. As security professionals, our job is to understand this reality and make sure it doesn’t mean extra exposure.
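An added example, not part of the original post: a minimal access review that reconciles an HR transfer feed against current group memberships to find the leftover access described above. The department names follow the post's Accounting-to-HR scenario; the group names, employees and data layout are constructed assumptions.

```python
from datetime import date

# Constructed sample data: groups each department's staff are entitled to.
DEPT_GROUPS = {
    "Accounting": {"acct-ledger", "acct-payroll-export"},
    "HR": {"hr-records", "hr-benefits"},
}
SHARED_GROUPS = {"all-staff", "vpn-users"}  # kept regardless of department

# Constructed HR feed: (employee, department, start date).
HR_HISTORY = [
    ("alice", "Accounting", date(2019, 3, 1)),
    ("alice", "HR", date(2023, 6, 12)),
    ("bob", "Accounting", date(2020, 1, 6)),
    ("carol", "HR", date(2018, 9, 3)),
    ("carol", "Accounting", date(2022, 2, 14)),
]

# Constructed directory export: current group memberships.
CURRENT_GROUPS = {
    "alice": {"all-staff", "vpn-users", "hr-records", "hr-benefits", "acct-ledger"},
    "bob": {"all-staff", "acct-ledger", "acct-payroll-export"},
    "carol": {"all-staff", "vpn-users", "acct-ledger"},
}


def residual_access(history, memberships, dept_groups, shared):
    """Map each transferred employee to groups to revoke and groups to grant."""
    paths = {}
    for emp, dept, _start in sorted(history, key=lambda r: (r[0], r[2])):
        paths.setdefault(emp, []).append(dept)
    findings = {}
    for emp, path in paths.items():
        if len(path) < 2:
            continue  # never transferred, nothing to reconcile
        current = path[-1]
        held = memberships.get(emp, set())
        allowed = dept_groups[current] | shared
        # Groups tied to departments this person has left.
        former = set().union(*(dept_groups[d] for d in path[:-1] if d != current))
        stale = (held - allowed) & former
        missing = dept_groups[current] - held
        if stale or missing:
            findings[emp] = {"revoke": sorted(stale), "grant": sorted(missing)}
    return findings


if __name__ == "__main__":
    print(residual_access(HR_HISTORY, CURRENT_GROUPS, DEPT_GROUPS, SHARED_GROUPS))
```

Run on every transfer event from HR rather than on a yearly schedule, so the old department's access is cut at the same time the new access is granted.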

Remembering Dolgin’s

Growing up in Missouri, a lot of my Christmas gifts when I was young came from a catalog showroom called Dolgin’s. One of my earliest memories is going to Dolgin’s with my mom and aunt, who showed me some Tonka trucks and asked me which ones I liked best.

I know a lot of people remember going through Sears and Montgomery Ward catalogs, but I remember Dolgin’s catalogs the best.

How to clean up a Windows server

From time to time, Windows patches will fail to install because a server doesn’t have enough space to install them. Finding the ginormous files that are hogging all the space on the C drive is really tedious if you do it by clicking around in Windows Explorer, but there’s a better way.

Download the free Sysinternals Du.exe utility and you can find the behemoths in minutes, if not seconds.

Hot-rod Cyanogenmod 7.2

Whatever you do, don’t call this post Optimizing Android 2.3 for Games, Graphics and Multimedia. I’ll kick your… nevermind.

But of course the first thing I wanted after I installed Cyanogenmod 7.2–which is based on Android 2.3.7–on my Nook Color was to make it run smoother and faster. What else would I want? So here’s some stuff I did, since adding three CPU cores obviously isn’t an option.


Easier deep Firefox SQL optimization

Last year I examined ways to optimize Firefox’s SQLite databases. I’ve since found I like it better when I just put the Firefox profile in a ramdisk, but that may not be an option in all cases.

If you don’t want to go the latter route and would like to avoid the command line jockeying, give Speedyfox a look. And even if you’ve put Firefox in a ramdisk, this program can be useful. You won’t notice any speedup inside a ramdisk, but SQL optimization saves storage space, which is always at a premium inside ramdisks.

Deep Firefox SQL optimization

I was looking deeper into Firefox optimization, and I found Adventures in Firefox-places.sqlite. It’s a pretty intense analysis that goes beyond the usual simple, in-browser SQL vacuum that I’ve mentioned in the past. It was written with Mac OS X and Linux in mind, which is fine, but if you run Windows, you might want to do the same thing.

It has two benefits. It speeds up Firefox, and it reduces the amount of disk space your Firefox profile occupies. The two things are related; smaller databases are quicker and easier to navigate than large ones. As for why you should care about the amount of disk space it takes up, well, on an SSD every megabyte counts.


The circulating privacy threat warnings miss the boat

This week I’ve had multiple people send me warnings they saw on Facebook about a new privacy threat, which, after I read about it, really appears just to be something that aggregates information already available about you.

Perhaps not coincidentally, PC Magazine has a piece telling you what you need to do if you’re really concerned about privacy and really want to disappear.

Outlook send button is gone? Here’s the fix.

“My Outlook send button is gone,” one of my coworkers told me. Microsoft wasn’t much help. The relevant knowledge base articles said the e-mail account not being configured causes that problem. Except it was. He could receive and read mail just fine, he just couldn’t send anything out.

Ultimately we ended up deleting his mail profile to fix the missing send button.

Parents aren’t supposed to act this way

There’s an episode of “Everybody Hates Chris” where a thug tries to get Chris to start stealing gold chains for him. Toward the end, Chris’ dad finds out, confronts him, and says that if he goes near Chris again, “You won’t go to jail. I will.” Chris’ dad then goes on to tell the thug exactly what he’ll do to him. And that was the end of it.

That’s how parents handled things in the ’80s. My dad did something similar when I was in 7th grade.

I guess today, some people set up fake Myspace profiles. Don’t read the story (or what follows here) if you’re easily upset.

Megan Meier had an on-again, off-again friendship with a girl who lived down the street. After she ended the friendship for good, she started turning her life around.

Megan’s mother had banned her from Myspace because she and her ex-friend had created a fake profile with a photo of an attractive girl and used it to talk to boys. Soon before she turned 14, Megan’s mother lifted the ban.

Soon after, Josh appeared, wanting to be added as a friend. So began a six-week acquaintanceship. Megan was on cloud nine — she finally had a boy who she thought really thought she was pretty.

Then came an abrupt message: “I don’t know if I want to be friends with you anymore because I’ve heard that you are not very nice to your friends.”

It was all downhill from there. The next day, more disturbing messages followed. And Josh was sharing her messages with others.

A day later, Megan was dead by her own hand.

Josh had inside information on Megan and her relationships. Sort of. You see, Josh didn’t really exist. He was a fabrication of Megan’s ex-friend’s parents, created to see what Megan was saying about her former friend, and, obviously, to mess with the sensitive 13-year-old.

The thing that bothers me the most about this is the total lack of remorse. The mother said she heard at the funeral that Megan had attempted suicide before, so she felt less guilty. As an ambulance came down the street for Megan, the mother told one of the other people involved that she probably shouldn’t mention the Myspace account. And after Megan’s parents found out about the hoax, they destroyed a foosball table they had been storing for their so-called friends and dumped the pieces on the lawn. The hoaxers had installed a security camera–I wonder why?–and caught the incident on tape. They had the gall to press charges.

One family loses a daughter. Another loses a foosball table. The family that lost the foosball table is the one pressing charges. Megan’s father’s hearing is on Thursday.

Adults ganging up on a 13-year-old is not appropriate behavior. Thirteen-year-olds do a fine enough job of ganging up on one another and messing with each other’s minds. They don’t need adults–who are supposed to be role models and authority figures–jumping in.

I have firsthand experience in this. When I was 13, I was living in a little redneck town, attending a small school. I was ambitious and a deep thinker, and my classmates didn’t know what to make of someone like me. The way to get to be somebody in my combined 7th/8th grade class was to go to convenience stores and steal dirty magazines. Since I didn’t steal dirty magazines, I didn’t listen to Michael Jackson, and my dad drove the wrong brand of pickup, I quickly became an outcast.

Mostly they messed with my mind, but on three occasions it actually turned violent. The third time happened during a softball game in PE. A kid named Joey–someone I thought was my friend–bulldozed over me as he ran past second base.

I told my dad. Dad said he didn’t know what he was going to do, but he’d do something.

A few days later we had a softball game against another school. I was starting in left field. Joey started at third base. As he took his position, Dad walked up behind him.

“Hey, that was really cool how you mowed down David the other day, wasn’t it?”

Joey turned, grinning from ear to ear, until he saw that it was my Dad talking to him. The look on his face told Dad all he needed to know.

“I’m gonna have a lot of fun beating the [expletive] out of you, kid.”

Dad didn’t actually lay a hand on Joey. He made him a deal. If Joey left me alone for the rest of the year, Dad would leave him alone.

Joey made good on his end of the deal. I lived to see June, we moved away over the summer, and I never saw him again.

I’m not entirely convinced that the way Dad handled this was appropriate. But this was the third time something like this had happened and it was obvious the school authorities were unwilling or unable to put an end to it themselves. Dad’s confrontation with Joey happened during a softball game, in full view of our teacher (who was also the coach) and principal. Dad had Joey so rattled that he committed errors in the first inning, and when Dad started jawing at him again in the second, neither of them asked him to leave.

As inappropriate as Dad threatening Joey with bodily harm might be, it was a whole lot more appropriate than messing with a 13-year-old girl’s mind for six weeks, impersonating an interested 16-year-old boy, and sending a hormonal teenager on an emotional roller coaster ride before pulling the rug completely out with a final message that ended with the words, “the world would be a better place without you.”

Dad’s intervention was swift and clear. By the third inning, it was over, and with no lasting damage. About 10 years ago I heard Joey was going to college in Kansas City, which was quite a bit better than how some of our other classmates turned out.

I’ve seen a lot of outcry to unmask the identities of the people behind the forgery. I believe I have a pretty good idea who they are, but I don’t want to print something that might be incorrect. By searching public records I was able to locate a couple who fit the profile in the story. I believe the ringleaders are now age 40 and 38–certainly old enough to know better, and I would think old enough to have better things to do than harass 13-year-old girls.

The Meiers have said they won’t file a civil lawsuit against the couple who ganged up on their daughter and drove her to commit suicide. They want laws changed so that what they did would be illegal.

I disagree with that. I don’t know how you make what the Meiers’ neighbors did illegal, and even if you did make it illegal to create a fake Myspace account for the purpose of harassing teenagers, the law would be impossible to enforce.

This is the perfect situation for a civil lawsuit. File a wrongful death lawsuit, saying that the family emotionally harassed their daughter for six weeks and drove her to suicide, and sue them into bankruptcy. You can’t send them to jail and you can’t bring their daughter back, but you can take away their $200,000 home and with it, much of their ability to do the same thing to someone else in the future, and, perhaps most importantly, you get them out of your neighborhood.

The Meiers probably don’t want the money. No amount of money will bring their daughter back. But this legal tactic is probably the only way they can get the one thing they do want–for their neighbors to leave. Not only that, it sends a message to people everywhere: Do not act inappropriately on Myspace, or there will be severe consequences, up to and including losing everything you’ve spent your career working to accumulate.

If there’s money left over after paying the lawyers, I’m sure they could find some worthy cause that could use the money to make the world a little bit better place.

And with those neighbors gone, Waterford Crystal Drive in Dardenne Prairie, Missouri would undoubtedly be a better place.
