Monthly Archives: September 2011

You Should Fire Your Boss (on Facebook)

If you are “friends” with your boss on Facebook, now is a great time to reboot your relationship. Facebook has introduced two new features that can change the way people relate on Facebook. Now we can stop pretending our relationship with closest friends and family is the same as it is with our direct supervisor.

With Facebook’s new subscription feature, you can follow your boss’s public posts without unintentionally revealing your personal life. And since your boss has most of the power in your relationship, we feel s/he should enable his or her account for a more appropriate relationship.

Here’s how to properly fire your boss on Facebook. (This is option 1 for nice bosses. See below for less-nice bosses.)

  1. Unfriend your boss now.
  2. Ask your boss to activate Facebook subscriptions by going to this page.
  3. Encourage your boss to open his/her public posts to comments, so you can respond to his/her posts.
  4. Subscribe to those of your boss’s feeds that you’re interested in.

Making these changes will avoid crossing work with play. It also keeps open a channel of communication if, say, your boss has additional shifts or projects for you to take on. Plus your boss won’t know that you turned down extra work to go to a concert—unless you make that post public and open your profile to subscribers.

The “Subscribe” button brings “asymmetrical relationships” to Facebook profiles for the first time. Asymmetrical relationships exist when one side enjoys some privilege over another, as an employer, teacher or supervisor might. And these asymmetrical online relationships are sparking controversy.

Some union leaders have advised teachers to limit their social networking in general to shield them from claims of abuse. And the US government recently restored the jobs of four employees who used Facebook to discuss the workplace in a harsh but appropriate manner. But the line between appropriate and inappropriate discussion is fine and evolving.

Missouri recently passed a law restricting teachers from Facebook friending any children, including their own. It’s currently being blocked by a judge but a law like this suggests that many people are at a loss on how to relate asymmetrically on Facebook.

By unfriending your boss and subscribing, you’re setting up clear boundaries that are less likely to create complications in the workplace.

Now, if you’re already friends with your boss and you’re not comfortable “bossing” them around online, you have another way to stop your private and work lives bleeding together. Here’s option 2 for less-nice bosses.

  1. Wait till “smart lists” are active for you on Facebook. (If you open your page to subscriptions, you’ll likely get smart lists soon if not immediately.)
  2. Add your boss to your “Restricted list”, which means they’ll only have access to your public posts.
  3. Consider using a List or Group for co-workers/work related discussions.

Using Facebook responsibly requires us to turn on the good features Facebook offers—like Profile Review. And changing your online relationship with your boss/“friend” to more closely resemble real life is a smart way to protect your job and your future.

Paul’s Security Weekly – Episode 259 Part 1 – September 15th 2011

Dino Dai Zovi Interview:

Elie Bursztein talks about An Analysis of Private Browsing Modes in Modern Browsers:

Episode 259 Show Notes

Episode 259 Part 1 Direct Audio Download

Episode Hosts:

  • Paul Asadoorian
  • John Strand
  • Larry Pesce
  • Carlos Perez
  • Darren Wigley
  • Tune in to Paul's Security Weekly TV episodes on our Bliptv channel.

    Tips for Small Businesses from a Cyber Security Expert

    The Internet offers small businesses a competitive advantage in a tough market thanks to the exposure they receive online. However, while they can compete with larger businesses online in terms of marketing and visibility, their IT budgets and security efforts simply can't keep up. Cybercriminals realize that small businesses are easy targets because they are less likely to have a security plan in place. Here are tips for small businesses from a cyber security expert whose personal mission is to secure organizations by creating solutions to unique and complex computer problems.

    Create an Internet Policy
    One of the best ways to keep critical data protected is by establishing guidelines and boundaries for employees, no matter how small the organization may be. An Internet use policy lets employees know what software and files are okay to download, how to create strong passwords, and which websites cannot be viewed while surfing the Web. Any security expert would agree that letting employees know their responsibilities when it comes to using the Internet is the first step towards a comprehensive security plan.

    Install the Latest Anti-Virus Software
    Most new computers come with anti-virus and anti-malware programs installed. However, an experienced cyber security expert recommends going above and beyond these basic software packages by purchasing a comprehensive security suite. Not only do they detect threats, but they automatically repair the system every time viruses or malware is detected. According to a computer security specialist, increasing the protection of critical data by paying for additional safety features is worth the investment because it brings small business owners the peace of mind they need.

    Secure Wireless Connections
    Some business owners do not secure their wireless connections because they don't realize how important this step is when it comes to protecting the company's information. If they had the same knowledge and experience as a trained cyber security expert, they would realize just how serious this threat is. Here are a few simple steps business owners can take to secure these connections:
    • Change passwords regularly
    • Add a VPN service
    • Limit access to the network

    Security Expert Advice: Choosing Strong Passwords

    So far, 2011 has been a big year for cyber-attacks. American businesses and the United States government were the targets of hackers who stole credit card information, took down websites, and deleted military files. These attacks sent companies and government agencies scrambling to explain how their data was stolen, compromised, or lost. It also forced them to examine their computer security practices. As they attempt to pick up the pieces, security experts are using these events to emphasize the importance of good risk management – namely preventing targeted attacks against companies before it's too late. One way of increasing cyber security is by creating strong passwords. Here are tips for protecting your personal or professional digital identity, straight from a computer security specialist.

    • Use a combination of letters and numbers – never use only one or the other.
    • Stay away from using names of spouses, children, or pets.
    • Use a bizarre combination of words that only you would remember.
    • Don't use your phone number or birthday – these are considered "weak" passwords.

    Just about everyone has at least one password; some people have upwards of ten. According to technology writer Clive Thompson, "the truth is we humans are pretty bad at remembering characters that make for a really strong password." For people who need multiple passwords, remembering just one would be easier but such a shortcut is also dangerous. As difficult as it may be, the importance of choosing a unique and complex combination of letters and numbers cannot be emphasized enough. Any experienced security expert will tell you that weak and non-existent passwords are partly to blame for online security breaches, so your safety depends on generating a strong password for each different account.

    Tips for Using an Expert Witness Effectively

    In our culture we are urged to "trust the expert" – even in a court of law. The simple fact that the testimony of an expert witness is admissible in a trial shows how much we value the opinions of people who are considered authorities in their fields. This can have a very persuasive effect on a case, as long as the experts are carefully chosen and thoroughly prepared. Here are some tips for using an expert witness successfully.

    • Examine the case and determine what kind of expert you need.
    • Search trade organizations, referrals, and the Internet for expert witness options.
    • Analyze potential experts based on the following: reputation, experience, qualifications, scholarly work
    • Choose as many as necessary, and make sure to fully understand their opinions.
    • Help the expert witness become familiar with the case.
    • Work with the expert on his or her report through guidance, but it should reflect his or her own opinions.
    • Prepare the witness for examination.

    From selection to a successful testimony at trial, there is a lot of research and preparation that goes into finding the best expert witness. Just because a person has a lot of experience in his or her field doesn't necessarily mean he or she has what it takes to deliver a successful expert witness testimony. Interview every option and spend time talking with them to find experts who have pleasing yet firm personalities and perform well under the highest degree of pressure.

    Paul’s Security Weekly – Episode 258 Part 2 – September 8th 2011

    Paul, Larry, Jack, and the gang talk about the latest news for the week, including APT, cyber criminals, SSL, and how to pick a good password (Just kidding, we actually did talk about stuff that you may care about):

    Episode 258 Show Notes

    Episode 258 Part 2 Direct Audio Download

    Episode Hosts:

  • Paul Asadoorian
  • John Strand
  • Larry Pesce
  • Jack Daniel
  • Darren Wigley

    Paul’s Security Weekly – Episode 257 Part 2 – September 1st 2011

    Drunken Security News for episode 257 features SSL certs gone wild, attacking the PHY layer, undercovering social media, and more!:

    Episode 257 Show Notes

    Episode 257 Part 2 Direct Audio Download

    Episode Hosts:

  • Paul Asadoorian
  • Carlos Perez
  • Jack Daniel

    Travel Tips from a Security Expert

    Most businesses recognize the critical need to implement security measures in the office. Now that people can connect to wireless networks through their mobile devices, new technologies are breaking down office walls. And according to any security expert, this raises serious concerns. Businesses whose employees travel, work from home, or simply view important documents on their laptops or smartphones anywhere they go are exposing critical data to hackers, cybercriminals, and other security breaches. Here we will focus on tips for staying protected while traveling, straight from a computer security specialist.

    Back up your mobile devices – including laptops and cell phones – before taking that important business trip. If you have any important information stored on them that you won't need during the trip – don't bring it with you. When you return you will be able to put any and all of this data back onto your devices if necessary.

    Any security expert will tell you to make sure your anti-virus software is current. This will prevent your devices from being infected by dangerous viruses and malware that can damage your system and affect important data files. It is important to have this software enabled during the entire trip. Taking a vacation from your anti-virus security software is a mistake that can cost you critical information, or worse – your job.

    Use a hard-wired connection whenever you can. Sure, wireless networks are convenient, but they carry a higher risk of security breaches. Many hotels come equipped with a cable you can use, but if you don't see one in the room, ask the front desk. If you must use a wireless connection, either at the hotel or in the airport, only use encrypted hotspots for maximum protection.

    Important Qualities in a Data Security Keynote Speaker

    When it comes to corporate events, conferences, and retreats, nothing is worse than a boring guest speaker. Unless the audience is properly informed and entertained, the message could fall flat, causing the entire event to lose steam. In order to keep the momentum going during these events, it's important to choose a keynote speaker who is credible, professional, and charismatic all at the same time. Here are some of the things to look for in an effective data security keynote speaker to maximize the impact of your next big event.

    Experience:

    Dr. Eric Cole has extensive experience as a cyber-security expert. He has over 20 years of hands-on experience in the industry, in which he thrives on creating new companies, organizations, and products. Dr. Cole is an expert witness in cyber security, which is a testament to his broad background in the computer world as well as his professional and approachable demeanor in everything he does. This experience has helped him become a knowledgeable keynote speaker who can turn complex topics into simple concepts.

    Entertain:

    The key to an effective guest speaker is being able to entertain an entire room while remaining professional, credible, and knowledgeable. Taking a potentially boring topic like Internet security and turning it into an interesting presentation isn't easy, but Dr. Cole is able to bring technology topics to life. Full of practical information based on his personal experiences, Dr. Cole's presentations continue to captivate audiences and inspire people to apply his solutions to their everyday lives. Read some of the sample topics he has addressed during his career as a data security keynote speaker by clicking here.
    If you are looking for a guest speaker who can provide practical solutions to complex business problems, contact Dr. Eric Cole. As an experienced data security keynote speaker, his meaningful presentations can help your organization embrace technology in a safe, secure, and beneficial way.

    Paul’s Security Weekly – Episode 257 Part 1 – September 1st 2011

    In this episode's first part we interview Don Bailey on Hacking Cars with "War Texting":

    Then onto Hacking Prisons with John Strauchs, Tiffany Rad, & Teague Newman:

    We also talk about "Sneakers"!

    Episode 257 Show Notes

    Episode 257 Part 1 Direct Audio Download

    Episode Hosts:

  • Paul Asadoorian
  • Carlos Perez
  • Jack Daniel

    Paul’s Security Weekly – Episode 256 Part 2 – August 26th 2011

    In Part 2 we discuss Apache DoS, HP problems, UPnP hacking tool, no black and white security, customizing Nessus scanners, Paul agrees with Gartner, and Senior moments with Jack Daniel.

    Episode 256 Show Notes

    Episode 256 Part 2 Direct Audio Download

    Episode Hosts:

  • Paul Asadoorian
  • Carlos Perez
  • "Intern Ian"
  • Jack "I have senior moments" Daniel
  • Darren "The Sound Man" Wigley

    Paul’s Security Weekly – Episode 256 Part 1 – August 26th 2011

    Mark Russinovich is a Technical Fellow in Windows Azure, Microsoft's cloud operating system group. He was a cofounder of software producers Winternals before it was acquired by Microsoft in 2006 and is author of the high tech thriller Zero Day: A Novel. We interview Mark in this segment, and kill some bugs:

    Episode 256 Show Notes

    Episode 256 Part 1 Direct Audio Download

    Episode Hosts:

  • Paul Asadoorian
  • Carlos Perez
  • "Intern Ian"
  • Jack Daniel
  • John Strand
  • Darren "The Sound Man" Wigley