Posts Tagged ‘social-media’

Re-Tweet this post – it’s part of my plan to beat the recession

December 15, 2012 Leave a comment

In order to beat the recession I need to expand. In order to expand I need a business loan. In order to get a business loan I need to improve my Klout.

No, really.

I went to the bank. No.

I went home, juggled some figures on the business plan to improve the bottom line projected profits and went back. No.

Apparently it has nothing to do with business potential, it has only to do with collateral. That is, I can have it if I can prove I don’t need it.

There must be another way. So I checked American Banker and found this in Thursday’s issue:

CAN is joining a growing list of companies chasing small business loans by using alternative data sourcing. These companies include Kabbage, which uses social media data as part of lending decisions… Lighter Capital also uses social networking data…
Big Data Comes to Small Business Online Lending

So I checked back into the earlier issues, and found this:

The company [Kabbage] is incorporating social media activity into its analysis now, Frohwein [founder and CEO] says. “We allow our customers to associate their Twitter and Facebook accounts. As our theory goes, the more active you are at keeping in touch, gaining followers, and responding to them, the more likely you’re running a solid, growing business and you’re worth an additional risk. Or there’s less risk associated with you so we can provide more cash or at a lower rate.”
The 10-Minute Small Business Loan

So that’s the plan; and that’s where you come in. Tweaking the bottom line of my business plan no longer works – but with your help I will be able to tweak the bottom line of my Klout score and get the low-interest business loan I so richly deserve. So please use the ‘share’ buttons below: tweet, like, repost, Reddit, whatever – or all – for this post. Do it for Christmas and the lulz, and I’ll still beat the system. You know I’m worth it.

Categories: All

Google removes Khosrow Zarefarid’s blog

May 1, 2012 Leave a comment

On Thursday last, while I was traveling home from Infosecurity Europe, Khosrow Zarefarid (the Iranian software engineer who tried to get better protection for Iranian card details held by the banks) contacted me:

Whay my weblog was stoped from google site? Can you help me to solve this problem? I had about 1000000 viewer.

Believe me, his English is infinitely better than my Arabic (which doesn’t exist).

KZ blog

Not what you want to wake up to...

I couldn’t respond immediately because I was just about to board a peak-time train, and had neither elbow room nor a signal. It wasn’t until Monday that I managed to talk (despite an appalling telephone line) with Google’s Ryan Brack, Manager, Global Communications & Public Affairs.

“Our policy is not to talk about individual cases when it comes to the sort of issue here, which is either a violation of policy, specific content on a blog, etcetera. We just don’t talk about specific cases; but I wanted to give you some sort of piece of information so that you can be clear what Google’s policy is…” He then kindly gave me step by step instructions on how to navigate to the Google policy page, and particularly pointed me to the paragraph:

Personal and confidential information: It’s not ok to publish another person’s personal and confidential information. For example, don’t post someone else’s credit card numbers, Social Security numbers, unlisted phone numbers and driver’s licence numbers. Also, please bear in mind that in most cases, information that is already available elsewhere on the Internet or in public records is not considered to be private or confidential under our policies.

That was it. The line dropped again, almost certainly due to problems at my end (thanks again TalkTalk) and I gave up attempting further voice contact. I emailed:

Hi Ryan

My apologies – I’m having serious line problems ATM. The point I wanted to make is the [that] Zarefarid posted only part of the credit card numbers – enough for the user to recognize that he had them, but nor [not] enough for anyone to make use of them.

This was a clear case of whistleblowing. He had attempted to report the issue through the official channels but was ignored. So he chose this way, but without actually endangering anyone’s personal information (or card numbers).

That was more than 24 hours ago. No response whatsoever.

I don’t believe that Khosrow Zarefarid breached Google’s policy, although he clearly went up to the line. In this instance he was trying to prevent ‘personal and confidential information’ from ending up on the internet. I also believe that under such circumstances Google has a duty to warn the blog owner and provide means by which the blog content can be retrieved by the owner (this may have happened without me knowing about it – but I doubt it).

Google claims, in the same ‘content policy’:

Blogger is a free service for communication, self-expression and freedom of speech. We believe that Blogger increases the availability of information, encourages healthy debate and makes possible new connections between people.

We respect our users’ ownership of and responsibility for the content they choose to share. It is our belief that censoring this content is contrary to a service that bases itself on freedom of expression.

In this instance it did not live up to this ideal. In this instance, Google fell far short – and I appeal to Google to reverse this decision and come to some arrangement with Khosrow Zarefarid.

Keynote sessions from Infosecurity Europe 2012 – and a few other stories

April 29, 2012 Leave a comment

Infosecurity Europe is over for another year. If you weren’t there, well I just suggest you make sure you get there next year. Meantime, here’s my take on a couple of the announcements and almost all of the keynote sessions:

Infosecurity Europe 2012: Minister of State for Universities and Science introduces the 2012 security breaches survey
The challenge, says the Rt Hon David Willetts, is that in order to get the economic and social benefits that the internet offers, we need to first tackle cyber security.
24 April 2012

PwC and Infosecurity Europe release the latest Information Security Breaches Survey
Significant attacks more than double, but one-in five companies still spend less than one percent of their IT budget on security, and more than half of small organizations do no security training at all.
24 April 2012

Russian cybercrime: what Russia is doing, and what it should be doing
Russian security company Group-IB says Russian cybercriminals made £2.3b in 2011; Russian-speaking cybercriminals made more than $4b; and worldwide, cybercriminals made more than $12.5b.
24 April 2012

Trustworthy Internet Movement Launches Pulse Tracker
The problem, says Pulse, is that we are telling users that this site has SSL, so it’s secure. That’s not necessarily true. We are promulgating a false sense of security, and we need to fix that.
25 April 2012

Infosecurity Europe 2012: defining risk management in the context of information security
The three companies represented on the keynote panel (G4S Secure Solutions, Steria UK, and Skipton Building Society) are very different; and their CISOs have very different views on the functioning of risk management within infosec.
25 April 2012

Infosecurity Europe 2012: the rising role of the CISO
Chaired by Quocirca’s Bob Tarzey, Network Rail’s CISO Peter Gibbons and Yell’s CISO Phil Cracknell led a lively discussion on the current and future role of the CISO.
25 April 2012

Ipswitch survey reveals the extent to which IT is losing control over data
IT needs governance; but users are choosing simplicity. In choosing and using their own non-sanctioned methods for data transfer, users are causing IT to lose control over its own data.
25 April 2012

Infosecurity Europe 2012: AET & APT – Is this the next-generation attack?
Advanced persistent threats (APT) and advanced evasive techniques (AET): what are they, who’s doing them, and what can we do about them?
26 April 2012

Has the time come to dump anti-virus?
Bit-9 asks the question that dare not be spoken: is anti-virus beyond its sell-by date? And is BYOD the final straw?
26 April 2012

Infosecurity Europe 2012: The ICO on better regulation and better infosec
Christopher Graham, the UK Information Commissioner, talks about his role as an information regulator and facilitator at Infosecurity Europe in London
26 April 2012

Infosecurity Europe 2012: Are we smart enough to secure smartphones?
Three heads of security from three very different organizations came together to discuss their practical and very different experiences in introducing a company BYOD strategy.
26 April 2012

Infosecurity Europe 2012: The insider threat – is it real?
While the primary security stance faces outwards and is designed to keep hackers and malware outside of the system, organizations are increasingly aware that their own staff are also a potential – and in some cases an active – threat.
27 April 2012

Infosecurity Europe 2012: The cloud – do you really know what you’re getting in to?
The cloud is new; but it’s been around for years. It’s insecure; but more secure than we fear. Two practitioners discussed the cloud of FUD.
27 April 2012

It’s the lack of understanding of virtualization that makes security an issue
A new study from Kaspersky Lab confirms an earlier one from Crossbeam Systems: it’s a lack of knowledge about virtualization that leads to fear for its security.
26 April 2012

Categories: All, Security News

Infosecurity Magazine news stories for 20 March 2012

March 21, 2012 Leave a comment

My news stories on Infosecurity Magazine for Tuesday 20 March…

New twist in social engineering rogue AV
Rogue anti-virus products continue to be a major source of malware. The trick for the criminal is in getting the victim to click the link; and GFI has spotted a new development.
20 March 2012

Cost of data breaches outstripping inflation
The average cost to UK business per record lost, according to the latest Symantec/Ponemon study, has increased from £47 in 2007 to £79 in 2011. Had it been inflation alone, it would have increased to just over £53.
20 March 2012

Infosec human factor solved only by education
Information security is among the most popular of all the training courses offered by SkillSoft, with ‘An introduction to Information Security’ second only to the ‘Fundamentals of Networking’ in the top 100 IT courses says the company.
20 March 2012

Categories: All, Security News

Infosecurity Magazine news stories for 8/9 March 2012

March 10, 2012 Leave a comment

My news stories on Infosecurity Magazine for Thursday 8 March and Friday 9 March…

Rogue anti-virus up and Kelihos botnet is back
GFI Software’s report for February highlights two main issues: the incidence of rogue anti-virus is continuing to increase; and the Kelihos botnet ‘taken down’ last year is resurgent.
09 March 2012

Today’s #FFF hack by Anonymous is a police equipment store
Anonymous has vowed to do a hack every Friday, calling it the #FFF campaign. Today AntiSec defaced the New York Ironworks, a police equipment supplier that describes itself as ‘NYC’s finest police equipment & tactical op’s gear store.’
09 March 2012

Vatican website DDoS’d by Anonymous
Following the AntiSec attack on PandaLabs on Tuesday, Anonymous ‘besieged’ Vatican websites on Wednesday – probably with a DDoS attack.
09 March 2012

CPA may help local authorities reduce data loss
Becrypt’s DISK Protect full-disk encryption product is the first commercial product to be granted CPA certification. By encrypting local authority laptops, it may help prevent the continuous leakage of personal data.
08 March 2012

Fake social network profiles take advantage of social ‘face bragging’
Most people have a desire to demonstrate that their own friend list is bigger than their friends’ friend lists – and it’s exposing them to fake friends.
08 March 2012

EDPS delivers Opinion on the EU data protection reforms
The European Data Protection Supervisor Peter Hustinx has delivered his formal Opinion on the current EU data protection reforms; and finds them wanting. He starts with the “EDPS applauds…” and ends with “but…”
08 March 2012

Categories: All, Security News

Infosecurity Magazine news stories for 5-7 March 2012

March 8, 2012 Leave a comment

My news stories on Infosecurity Magazine for Monday, Tuesday and Wednesday this week…

Trustwave to acquire M86 Security
Trustwave, a Chicago-based security company with offices around the world, has signed a definitive agreement to acquire M86 Security, which is based in Irvine California and has international headquarters in London and R&D in California, Israel and New Zealand.
07 March 2012

CIOs recognize the mobile threat; but aren’t yet responding to it
A new survey from Vanson Bourne, sponsored by Sophos, underlines a current anomaly: CIOs believe that mobile devices are a security risk, but aren’t doing much about it.
07 March 2012

LulzSec leader Sabu turns FBI informant
It’s been a tempestuous week in the battle between Anonymous and the law: 25 arrests, the poisoning of the Anonymous DDoS tool, and now the LulzSec leader, Sabu, has been named an FBI informant.
07 March 2012

Trust in communications is decreasing
While the UK is becoming increasingly better connected, trust in those connections is declining.
06 March 2012

THOR: a new P2P botnet for sale
A new botnet is nearing completion and is being offered for sale on the hacking underground at $8000.
06 March 2012

India/Bangladesh cyberwar moves to a new level
The ongoing cyberwar between India and Bangladesh has escalated with Teamgreyhat, in support of “our Indian brothers”, moving from commercial to economic targets.
06 March 2012

Is it time to move on from anti-virus?
On Friday, Wired quoted security expert Jeremiah Grossman as someone who doesn’t use anti-virus software, and asked the question: “Is Antivirus Software a Waste of Money?”
05 March 2012

UK opts in to the EU-USA PNR agreement
The UK’s Home Office says that on the 9th February 2012 it notified the President of the Council that “the government has opted in to the EU-US Agreement on the exchange of passenger name record [PNR] data.”
05 March 2012

Twitter complies with court order – hands over account details
Guido Fawkes in the UK is the pseudonym of an award-winning anti-establishment blog operated by Paul Staines. In the US it is a name associated with a Twitter account handed over to law enforcement. Around the world is has become associated with the Anonymous movement.
05 March 2012

Categories: All, Security News

When personal responsibility goes out the window, problems come in through the front door

March 2, 2012 Leave a comment

Socially, it started with the rise of socialism in the last century. People stopped being responsible for themselves and became reliant on the State. Problems followed.

Domestically, it probably started with Dr Spock and the ’60s; and has escalated ever since. Parents abdicated responsibility for their children and gave it over to teachers, doctors and the police. Problems followed.

Now we are doing the same with our cyber lives – we are delegating responsibility for our actions, our safety, our privacy and our security to laws, regulations and automated systems. And problems will follow. In fact they’ve already started with a brilliant example reported by Yahoo News.

Georgia High School was locked down on Wednesday when a gunman was reported to be on campus. There was no gunman. It was a false positive. A text message was inadvertently sent to the wrong recipient. It said “Gunman be at West Hall today”. The recipient didn’t know the sender, so immediately reported it – and the school went into lockdown complete with a police perimeter.

But it was a simple technological error. The original text message said ‘Gunna be (going to be) at West Hall today.’ It was the smartphone’s autocorrect, unnoticed by the sender, that changed ‘gunna’ into ‘gunman’.

This is the writing on the wall. As more and more actions and processes become automated and further away from anyone able to take responsibility for the response, Terry Wrist will be arrested, will get taken down, comedians will be harassed, tourists arrested for photographing the wrong building, motorists barred because their license plate was blurred, Indy music blocked because a few notes sound similar to other music written 50 years ago on a different continent, and God knows what else, all done automatically and without human intervention. At the moment, a false positive is an annoying side-effect of anti-virus: in the future it will become a life-changing, and possibly life-threatening, probability.

Categories: All, Security Issues