Showing posts with label Computer Crime. Show all posts

May 13, 2012

Facebook IPO--Love It, But Leave It

With the Facebook IPO scheduled for this week, valuing the company at as much as $96 billion, many investors, according to Bloomberg BusinessWeek (11 May 2012), see it as overvalued.

Facebook will be the largest Internet IPO in history, valued at about 4 times what Google was at its IPO, $23 billion in 2003.

Further, Facebook could be valued at 99 times earnings at the offering.

This is more than the price-earnings ratio of 99% of companies in the S&P Index, yet even with some estimating sales of $6.1 billion this year, Facebook would only rank about 400 in the S&P 500.

True, Facebook has amassed an incredible 900 million users, but the company's revenue growth has slowed for the 3rd year in a row.

Another article in BusinessWeek (10 May 2012) describes a new social networking contender called Diaspora.

Unlike Google+, which is predominantly a Facebook copycat, Diaspora is bringing something new and major to the table--it is addressing the privacy issues that Facebook has not.

Diaspora is a distributed (or federated) social network, unlike Facebook which is centralized--in other words, Diaspora allows you to host your own data wherever you want (even in the cloud).

Together, these independently owned Diaspora instances or "pods" (dispersed like in the Diaspora) make up a true social "network"--interconnected and interoperable computing devices.

With Diaspora, you own your own data and can maintain its privacy (share, delete, and do what you want with your information), unlike with Facebook, where you essentially give up rights to your data and it can be, and is, used by Facebook for commercial purposes--for them to make money off of your personal/private information.

When it comes to personal property, we have a strong sense of ownership in our society and are keen on protecting these ownership rights, but somehow with our personal information and privacy, when it comes to social networking, we have sold ourselves out for a mere user account.

As loss of personally identifiable information (PII) and intellectual property, identity theft, and other serious computer crimes continue to grow and cost us our money, time, and even our very selves in some respects, alternatives to the Facebook model, like Diaspora, will become more and more appealing.

So with social networks like Facebook--it is a case of love it, but leave it!

Love social networking--especially when privacy is built in--and others don't have rights to what you post.

But leave it--when they are asking for your investment dollar (i.e. IPO) that could be better spent on a product with a business model that is actually sustainable over the long term.

(Source Photo: here with attribution to Allan Cleaver)


January 22, 2011

When My Friend Got Hacked

True story.

So an old friend of mine had his account hacked on Facebook.

And the hacker is sending chat messages to my friend’s Facebook contacts—like me—pretending to be him—with his picture and name and all his online information.

He says that he is stuck in London, just got mugged—at gunpoint—losing his money and phone and needs my help.

At first, I’m thinking oh crap; my friend is in trouble and needs me. Then, I’m like wait a second, he’s pulling my leg. So I ask “are you joking?”

The hacker—pretending to be my friend—continues how it was such a terrible experience, but thank G-d they are still alive.

I’m on the other end of this chat—and questioning now if this person is really who they say they are—despite the REAL picture and profile.

I ask who are you with?

The hacker replies with the name of my friend’s wife. Her real name!

And the hacker continues with the mugging story and how they are leaving in a few hours for their return flight to the States, but need help.

Ok, I am happy to help my friends, but I want to know this is really my friend. Behind the scenes, I am contacting other mutual friends, family and so on to verify this story and resolve this.

On the chat, I ask—can you tell me something that only the two of us would know?

The hacker starts flipping out and gives me "?!?!?!...."

I repeat my question and ask if the hacker understands.

The hacker responds that they do.

And then ignoring my questioning, proceeds with the storyline asking me to wire money and that it will be okay, because they will need identification to retrieve the wire.

Now I ignore the hacker’s request and go back to my question about who this person on the other end of the chat really is.

No response.

"U there?"

Hacker is offline...for now.



January 29, 2008

Intrusion-Prevention Systems and Enterprise Architecture

Firewalls have traditionally been used to “wall off” the enterprise from computer attack, but now intrusion-prevention systems are augmenting the organization’s defenses.

The Wall Street Journal (28 January 2008) reports that “intrusion prevention systems promise an even smarter defense” than firewalls.

Firewalls are intended to keep intruders out. However, because certain traffic, such as email, needs to get through, holes or open ports allow in traffic that can carry viruses or malware into the network.

Intrusion-prevention systems work differently—they don’t wall off the enterprise networks like firewalls, but rather, like a metal detector, they filter or scan every piece of traffic entering the organization for suspicious activity, and reject any item that is identified as a threat.

According to Wikipedia, “Intrusion prevention systems (IPS)... [are] a considerable improvement upon firewall technologies, IPS make access control decisions based on application content, rather than IP address or ports as traditional firewalls had done.”

Intrusion-prevention systems can be hardware that is physically attached to the network or software that is loaded onto individual computers.

Are intrusion-prevention systems really necessary?

Yes. “According to the Computer Security Institute 2007 Computer Crime and Security Survey, the average annual loss suffered by U.S. companies from computer crime more than doubled last year to $350,424 from $168,000 in 2006. And these reported losses tend to underestimate the number of attacks.”

A Gartner analyst recommends antivirus on PCs and an intrusion-prevention system on the network.

Are there any problems with intrusion-prevention systems?

One of the biggest issues is false positives, which, if not adjusted for, will block desired incoming traffic. One way to handle this is to use the intrusion-prevention system to “detect threats and flag them,” rather than simply block them altogether. Additionally, the organization can adjust the filters that it may not need. This is the tuning required to ensure performance in terms of network speed and an appropriate level of filtering.
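To make the difference concrete, here is a small sketch added for illustration (it is not from the Wall Street Journal article or any product): a port-based firewall check followed by a content-based IPS check, with one noisy filter tuned from "block" to "flag". The allowed ports, rule names, signatures, and sample messages are all constructed assumptions.

```python
import re
from dataclasses import dataclass, replace

ALLOWED_PORTS = {25, 80}  # assumed firewall policy: mail and web are let in

@dataclass(frozen=True)
class Rule:
    name: str
    pattern: re.Pattern
    action: str = "block"  # "block" rejects traffic; "flag" only raises an alert

# Hypothetical content signatures, constructed for this example.
RULES = [
    Rule("exe-attachment", re.compile(rb'filename="[^"]+\.exe"', re.I)),
    Rule("sql-keywords", re.compile(rb"\bselect\b.+\bfrom\b", re.I)),
]

# Constructed sample traffic.
MALICIOUS_MAIL = b'Content-Disposition: attachment; filename="invoice.exe"'
BENIGN_MAIL = b"Subject: please select a date from the calendar"

def firewall_allows(port):
    """Firewall decision: looks at the port only, never at the content."""
    return port in ALLOWED_PORTS

def ips_inspect(payload, rules):
    """IPS decision: scan the content; return (verdict, alerts)."""
    verdict, alerts = "pass", []
    for rule in rules:
        if rule.pattern.search(payload):
            alerts.append((rule.name, rule.action))
            if rule.action == "block":
                verdict = "reject"
    return verdict, alerts

def handle(port, payload, rules):
    """Traffic must clear the firewall first, then the IPS."""
    if not firewall_allows(port):
        return "reject", [("firewall-port", "block")]
    return ips_inspect(payload, rules)

def tune(rules, name, action):
    """Return a copy of the rule set with one filter switched to a new action."""
    return [replace(r, action=action) if r.name == name else r for r in rules]

if __name__ == "__main__":
    print(handle(25, MALICIOUS_MAIL, RULES))  # open mail port, stopped by content
    print(handle(25, BENIGN_MAIL, RULES))     # false positive: good mail rejected
    tuned = tune(RULES, "sql-keywords", "flag")
    print(handle(25, BENIGN_MAIL, tuned))     # after tuning: passed, but flagged
```

After tuning, the legitimate message gets through with an alert for someone to review, while the executable attachment is still rejected.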

If your organization is not using an intrusion-prevention system, this is something your enterprise architecture needs to plan for and implement ASAP.

