Recently in Behaviours Category

Omar Shahine is a program manager on Hotmail, and a pretty clued-up person. Which is why his latest blog post scares me silly.

That is what I found this evening. I believe that someone managed to issue a password reset command to my account and then somehow logged in and reset my password essentially owning my data.
and this:

update: my account just got hijacked again, minutes ago. Also so did my GMail account.

I have no idea WTF is going on here. I have only used one computer this entire time.

Seriously scary stuff, and this for a guy who is pretty technical and also highly connected with people who can help.

Alarmed by this - I had a quick check of my own situation - my stuff is pretty well backed up - to a NAS point for local backup, and then to Amazon's S3 via JungleDisk. My GMail is regularly downloaded to Thunderbird via IMAP. But the thought of someone getting access to my Google account makes me break out in a cold sweat.

So - what do I do to make sure I'm as secure as I can be?

  • Check my Google password is long and strong. (Yes - 20 chars, mix of letters, digits and symbols)
  • Vow never to connect to anything sensitive 'in the clear', especially over public WiFi.
    • When sensitive information (especially login details) is to be exchanged, always connect via https (https://mail.google.com/mail). Check that this is the case on your desktop and especially on your laptop. Check your bookmarks.
    • Set up an account with a VPN provider to use to connect through (and make sure you use it)
    • Use something like a 3G modem to bypass public WiFi completely (but still connect via https). I have one (from Three), and it's great as an ADSL backup and also for travelling - no more £5.95 for 1 hour's unsecure internet access for me!
  • Make sure you have a personal question that is non-obvious (don't do date of birth, mother's maiden name etc). If your provider doesn't allow you to have a non-obvious question, then change, or don't store anything of value in there.
  • Make sure you are backed up, and that your backups work. I know this is one of those things that everyone says, but really, do it. You have no idea how much of a comfort it is when you know that all your really important info is backed up in a number of different places. JungleDisk is pretty amazing for letting you just set and forget - I back up all my pictures and documents there, as well as my partner's docs - and JungleDisk is smart enough to only upload files that are new or changed (and you can pay $1 per month to activate a service to only upload diffs to large files).
  • Get a good virus scanner, malware protector and firewall. Keyloggers are another source of danger - I hear a lot of reports of kids playing WoW who have had their accounts hacked via keyloggers (from programs they've downloaded). Set your firewall to alert you on any new outbound connections, and don't allow anything you don't recognise through.
These are some of the steps I've taken to protect my data - I hope I've covered most of the obvious attack vectors (ooh, knowledgeable do I sound!). So far I haven't had my accounts hacked, but past activity is no guarantee of future performance.



Boy - does this ever ring true.
I think we make a big mistake when we use terms like counterculture and rebel and deviant loosely. They've had it as terms. Defunct. Finito. Past their sell-by-date. Because every time we do that, we paint a big red X across the backs of the people we so describe and put the firm's immune system on full alert. And the rebels are toast. Which is often a shame. Because they weren't rebels. Or deviants. Or counterculture whatevers. They were doing their job. Trying to find a better way of doing things. [In a strange way, I think that Malcolm's feeling for consultants is related. When a "consultant" finds a better way of doing things firms roll out the green carpet, papered with spondulicks; when someone in the organisation quietly does the same thing, he's a deviant…]
Confused Of Calcutta » Blog Archive » On rebels and deviants and counterculturals
Although I'm not sure it's even about explicit labelling - which at least gives you (being the rebel in question) something tangible to tangle with. Implicit labelling is probably even more pernicious and, as there's nothing overt, harder to fight against.
Phil Linden - CEO (or should that be EarthFather) of Linden Labs, developers of Second Life, posts the first page of the Linden Labs employee handbook: the Tao of Linden on his blog. Interesting reading - choose what you want to work on, be incredibly transparent, weekly progress, no politics. All sounds good, and is what I was going to point to initially. But... there's more... Unfortunately, Second Life is running massively unstable at the moment after the most recent set of updates. So, a couple of SL power users have weighed in on the comments telling Philip that his employees may be happy, but his customers aren't - with plenty of detail. The recurring theme seems to be: if employees can choose what they want to work on, they will add features, rather than fix bugs - and that's certainly something I thought when I read the post... there are *always* unpleasant jobs, and if there's no pressure, who's going to volunteer - especially when the guy next to you has decided to work on "fun" stuff. I did log in a couple of times last week and found SL nearly unusable in certain sims, so haven't logged back in since. I've been on SL for a couple of years, but my RL isn't dependent on my SL ;) so not a huge problem for me. It'll be interesting to see what the response is from Linden Labs, a standout example of how the new world is going to operate.
Neville Hobson discusses the agony of choice and outlines an FT article on the same.
Whenever I travel to the US, I get apprehensive. Not about the travel or why I'm visiting the States. No, it's all to do with breakfast choices. Here's the scenario. It's breakfast time in my hotel. I sit and the ever-so-friendly waitress asks me for my order. Apprehension starts if I request eggs. Before I first visited the US some 20 years ago, I never knew how many choices there were for eggs. Scrambled. Fried. Boiled. Poached. Sunny side up. That's just to begin with. Then the sub-sets - easy, soft, medium, etc. And let's not get started on the choices for toast. Or juice. With so much (too much) to choose from, I tend to take the cowardly route and either not have breakfast at all, or order it in my room using the tick-box card you hang outside your door.
This is another example of what Barry Schwartz calls the Paradox of Choice. IT Conversations has a great recording (you may call it a podcast if you want) of a lecture and Q&A session with him. There's also a good article in Scientific American – "The Tyranny of Choice" but you need a subscription to read it. It's all about maximisers (maximizers for the American readers) and satisficers. As you might expect – maximisers want perfection, and always worry that the choice they've made isn't the right one. Satisficers are generally happy with good enough.
...and do communication consultants help them? This should be interesting - David Ferrabee of H&K is posing the question, and will follow up, I hope, with some answers! Read the first part here: Why do companies lie?


Personal responsibility

Adriana Cronin-Lukas points to a CNET piece about the recent Wikipedia incident. If we assume that the Wikipedia model isn't going away, then we're all going to have to assume a lot more personal, and active, responsibility for checking how we're perceived by the world, and correcting anything untrue. However, even "corrections" aren't so easy - as Adam Curry recently discovered.
