Category: people

While I’ve often said that Google is your new “Permanent Record,” I wonder (aloud) how permanent those records really are.

Podcast: Play in new window | Download (Duration: 5:44 — 5.5MB)

How to Subscribe to PhoneBoy Speaks: iTunes | RSS feed | SoundCloud

Find PhoneBoy on: Twitter (@phoneboy) | App.Net (@phoneboy) | Facebook (phoneboy) | Google+

This past week, I’ve been on the Check Point Security Tour up in Western Canada talking about the Dangers of Social Networking. The basis of the presentation was actually something I gave to Check Point employees in Redwood City back in August on the benefits of social networking. I added the “dangers” part after I  was asked to present in this tour

This topic seem quite timely as this past week, several of my followers on Twitter got bit by the latest attempt at hacking Twitter accounts. At least three of my followers sent me direct messages on Twitter that were a little suspicious:

this youz ? ? http://is.gd/4H1qh

lost a ton of weight and feel better here http://ringys4u.com

hi. i lost excess fat with http://loseweight.asdjiiw.com it works…

These message looked suspicious. I didn’t click on the links and I immediately warned the affected individuals to change their passwords.

Of course, Twitter is not the only place this happens. In fact, these kinds of messages have being sent out as long as email spam has been around, which have been going on at least as long as I’ve been on the Internet.

Nothing New Under The Sun

I’ve been at this “social networking” thing a while. Aside from starting out on computer bulletin boards in the late 1980s (you know, the kind you used your computer modem to dial into), which is one of the earlier forms of so-called social networking, I’ve participated in IRC, instant messaging, USENET, mailing lists (also ran my own for 9 years), online forums, blogging (phoneboy.com has been one since 2005), and of course use the “current” social networking tools like Twitter and Facebook.

The main thing that differentiates these service from one another is the interface used and whether or not the services permitted real-time communication with others. Beyond that, they all fulfill a fundamental human need–the need to be heard and understood by others.

The Value of Social Networking

By this point in time, I think most of us understand why social networking is valuable. It’s great for making new connections with people, strengthening existing connections with people, being part of (or starting) a conversation, and sharing ideas and things you’ve created.

For business, it can even be more powerful. Connecting with more customers more often can mean more sales. It can also allow you to get better visibility into what’s going wrong with your business, for example customer service snafus. Businesses have to accept that they cannot control the conversation about them. However, they have a fighting chance of guiding it in the right direction by actively participating in the conversation.

Where Email and “Social Media” Tools Differ

It’s relatively easy to send an unsolicited email to someone. All you have to do is find their email–or guess it–and send them an email. Furthermore, it’s relatively easy to “spoof” an email. I figured out in the early 1990s how to send an email from someone appearing to be from “root@heaven.org” by talking directly with the email server. While mail servers have gotten smarter about these things over the years, it can still be done relatively trivially.

The newer social media tools make this a bit more challenging as a “friend” or “follower” relationship is required. For example, I can only send someone a direct message on Twitter to someone that is actually following me. Facebook requires the person to be a “friend.” This severely limits who can send you a private message and you can be fairly certain who sent the message to you.

Despite these controls, I still see “spam” on Twitter and Facebook. And yes, like what happens with email from time to time, it appears to come from a “friend.” But unlike email, where your identity can be easily spoofed, something more nefarious has to happen.

URL Shorteners

Prior to Twitter, there was not a huge called for so called URL Shortening services, which take a long URL and make it shorter. tinyurl.com is one of the oldest such services. However, the limited message size of Twitter and the increase in URLs shared over the service necessitated the use of these services in order to allow for text to accompany the URL and, of course, allow for URLs that might be longer than 140 characters

URL Shorteners are great for exactly this reason–they make long URLs shorter. They also provide other services as well, such as the ability to see who clicked on the link and when. However, they are also bad because they mask the original URL, which, if you could see it, might cause you not to click on that link. For example, would you click on a link for either of these URLs?

• http://www.xzxxy.cn/cgi-bin/pwn-system?type=win
• http://www.paypal.com.hax0r.pl/webscr?cmd=_home

You can tell by looking at these URLs that something is up. However, Look at these two URLs:

• http://bit.ly/3Ha5Mo
• http://bit.ly/N03v1l

Can you tell what evil might lurk behind these shortened links just by looking at the link?

How Do I Get Spam From My Friends on Social Networking Sites?

With friends sending you benign looking links via direct message, we have ourselves a perfect storm for the spreading of spam. Theoretically, these messages came from someone you trust, causing you to let down your guard and think it’s ok to click on the link. The link leads to a website that contains a piece of malware that, without your knowledge or consent, either steals your Twitter credentials stored on your computer, or hijacks your existing Twitter session and sends out similar links to your friends. Or much worse.

While that can and does happen, the other possibility is that you were flat out tricked into giving your Twitter credentials to a third-party that either looked like the Twitter site or purported to do something of benefit to you (e.g. help you gain more followers). While not all third-party sites that ask for your Twitter credentials are bad, some are.

Information Disclosure

Speaking of information disclosure, there are plenty of other opportunities to disclose information on social networking sites that, under a different context, you might not disclose. My buddy Kellman has a great post on those “quizzes” that make the rounds from time to time and what great sources of information they can be about you. While some of the questions are truly innocuous, some “key” questions could be sprinkled in there that, when used in the right circumstances, could easily be used to “reset” an account password or gain access to an account.

Protect Yourself

The dangers in social networking aren’t new at all. They’ve been there for at least a decade. Fortunately, the ways to protect yourself aren’t new, either, though far too many people forget the basics.

Careful With That Link, Eugene: Like links you receive in email, particularly unsolicited ones, all links on social networking sites should be carefully evaluated. Since the links themselves are often shortened URLs, look at then text around it. Usually that text is a huge clue as it contains misspelling or contains “spammy” looking text. Your account could be sending those same kinds of messages if you’re not careful about what links you click on.

Use Different Passwords, Change Them Often: Each of your social networking sites as well as all other important websites should have different, complex password assigned to them, and they should be changed regularly. Since people often use the same password on multiple sites, one compromised account could easily lead to compromising other accounts.

Don’t Blindly Give Out Your Credentials: There are a lot of third party web-based services out there that make use of your social networking services. In the past, the only way for this to occur was to give your credentials to these services. This works, so long as these third party services weren’t somehow compromised, or worse, the services were not what they seemed to be. The one benefit to using something like OAuth (which Twitter does) is that you can revoke a web applications permission quite easily. It doesn’t prevent the third party web service from being compromised.

Keep Your Operating System, Browser Patched: Ensure you have applied all the latest patches from Microsoft, Apple, or whomever supplies your computer’s underlying operating system. Ensure you are using the latest version of your web browser.  If you are using Internet Explorer–especially if you are using Internet Explorer version 6, as is standard on Windows XP, try using a third party browser such as Firefox or Google Chrome.

Browser Plugins Can Help: If you are using Firefox, there are plugins that can help expand those “short” URLs so you can see where it is they will take you. LongURL is a good example of this for Firefox.

Security Software: Windows users should ensure they are running an up-to-date set of security tools that cover anti-virus, anti-malware, and protection from browser-based attacks. Microsoft puts out a free anti-virus/anti-malware tool which is quite good, as does a few other companies. Their free tools do not protect against browser-based attacks. Something like ZoneAlarm ForceField or ZoneAlarm Extreme Security (which includes ForceField and other security features) can be effective protection against these kinds of tools. (Disclosure: I work for Check Point Software, which publishes ZoneAlarm).

Nothing Is Completely Private: Even if you protect your updates on Twitter or are very careful about whom you interact with on Facebook, note that all communications, even so-called “direct” or “private” messages, are not entirely private on social networking services. Accidental disclosure can and does happen, thanks to actions by you or your so-called friends. It’s not always intentional, of course, but it does happen.  And yes, those “quizzes” you might take may contain a so-called identity question that could be used to take over one of your other accounts. Just be careful.

Some Final Thoughts

Social networking has been, and continues to be, quite pervasive in the civilized world. The tools used for this have and will continue to change over time. What hasn’t changed is that there are people out there who do not have your best interest at heart. And while nothing is entirely safe and secure, with a little vigilance, we can spend less time being victims of the latest scam and more time doing what we’re supposed to do on these social networks: communicating and sharing.

One of the things that is making this transition to Check Point Software easier is the community of people that support, use, and sell what used to be called Firewall-1, but now goes by a few different names and offers many more functions than just firewalling and VPNs. It’s a community I have never really left, having spent the last decade in Nokia’s Security Appliance Business, but it’s one I was less visible in over the past several years.

Despite being less visible in recent years, I have still been contributing, albeit indirectly. I have been maintaining Nokia’s knowledge base, which of course contains many articles that relate to Check Point. I haven’t written many Check Point-related articles in recent years, but I do work to make sure that the articles other folks in support write are readable. I also help our team out in various, sundry capacities, with the goal being to get customer issues resolved quickly.

In the course of this work, and my presence on many a social network, I run across the occasional person who thanks me for the contribution I made to the betterment of the Check Point community many years ago. As I re-engage in the community, the accolades have noticeably increased.

Meanwhile, Kellman Meghu, a SE manager for Check Point Software in Canada, recently gave a troubleshooting presentation for CPX 2009 in Las Vegas (CPX, or Check Point Experience, is their annual trade show). In the presentation, he apparently decided to use a picture of me to represent when things got hairy and you needed expert advice from support.

Kellman tweeted the following yesterday:

Used a picture of @PhoneBoy in his presentation. The crowd cheered; no one has forgotten the help he has provided to CP users.

To say I was touched and humbled is an understatement.

So what now? Hard to make any grand plans under the circumstances, but I’m keeping busy. I’m still running the FireWall-1 Gurus mailing list and participating on the CPUG Forums, helping out where I can. It’s not much, but until the deal between Nokia and Check Point closes, it’s difficult to do much else.

One of the things that was a shame about the implosion of Pulvermedia earlier in the year was many, many talented folks were suddenly out of a job. Of course, with the down economy, a lot of people are either in that boat or soon will be.

However, it’s nice to hear, according to Andy Abramson, that Carl Ford and Scott Kargman, two of the biggest names involved in the old VON conferences outside of Jeff Pulver himself, are teaming up with TMC’s Rich Tehrani to produce the 4G Wireless Evolution Website and a conference in Miami next February.

I probably won’t be able to go to this event, but I bet it will be a smashing success!

Image via Wikipedia

The job that is taking a large chunk of my time at Nokia these days revolves around knowledge management. What the hell is that? According to Wikipedia:

Knowledge Management (‘KM’) comprises a range of practices used by organisations to identify, create, represent, distribute and enable adoption of what it knows, and how it knows it. It has been an established discipline since 1995 ^[1] with a body of university courses and both professional and academic journals dedicated to it. Many large companies have resources dedicated to Knowledge Management, often as a part of ‘Information Technology‘, ‘Human Resource Management‘ or Business strategy departments.

My own history in “knowledge management” started back when I took over maintaining an FAQ web site for my employer, which made its way to phoneboy.com, which looked very different in the late 1990s. Of course, back then, we didn’t call it knowledge management, but that’s what it was. That led to a job at Nokia, where I have had some role in that process ever since.

Stuart Henshall is at the KMWorld 2008 Conference and has some thoughts on Knowledge Management and Social Media:

I’m thinking more and more that the social media experts are likely to usurp or overturn
many KM practices in time. The fact that SAP, Oracle and IBM are today all working with Twitter like updates is at least encouraging. Maybe they can still sell a knowledge platform?

Back when phoneboy.com was FAQs on Check Point FireWall-1, I ran the site on several different “content management” systems:

• Straight HTML files
• FAQomatic
• Nucleus CMS
• TWiki

From my point of view, you can do Knowledge Management on just about anything. The tools you use are almost irrelevant insofar as managing and presenting the actual content. The trick has always been–and will continue to be–getting other people to contribute to the process.

Granted, some tools make it easier for people to contribute. Business processes also play a role as well. At the end of the day, it ultimately comes down to the mindset of the people involved. There has to be a “culture” of sharing information among the participants.

How does social media tie into Knowledge Management? From my point of view, it’s the interaction with customers that social media provides. The interaction can be over the phone, on the web, via text chat, which are more traditional methods. It can also be over blogs, forums, or even Twitter, if you’d like.

Once you have that interaction, that interaction has to be captured somehow and turned into knowledge. I’ve seen some systems whereby chat sessions are automatically saved into a CRM system. In general, though, I don’t think simply taking a raw communications session and making it a knowledge base article in a customer-facing system is a good idea. I’ve done that very thing for an internal wiki, but it was temporary until I could go back and update the page with something more structured.

I think the reason knowledge management hasn’t caught up with Web 2.0 is because companies, in general, view knowledge has something to be tightly controlled by a few people and checked and double-checked by everyone under the sun. Social media involves the free flow of information between parties–information that may be largely correct, but some is potentially apocryphal or downright incorrect.

I’ve recently been exposed to the ideas of Knowledge Centered Support (KCS). While I don’t necessarily agree with the details of the implementation, I do appreciate the spirit of it. It is important to get as many people involved with the process of generating content as possible and focus on frequent content reuse and updating.

Will social media change how knowledge management is done? I think it already has for those who are in the know. It will take a while for the rest of the industry to catch up. Knowledge management will never be as free flowing as social media simply for the need to structure information so it makes sense to the majority of the audience, but initiatives like KCS will help to encourage employees to share what they know.

Image of Ken Rutkowski

For the longest time, one my favorite podcasts has been KenRadio. It isn’t one of the longest running daily “media entertainment technology” news shows for nothing. However, I came to an important conclusion about the show and how it interacts–or doesn’t–with it’s audience.

Let’s be clear. I don’t expect someone like Leo Laporte, Cali Lewis, or even KenRadio’s Ken Rutkowski to necessarily respond to emails I send to them personally. I know these guys get hundreds of emails a day and couldn’t possibly do it. I also don’t expect them to necessarily respond to everyone who sends them a message on a service like Twitter, either.

However, I expect these “stars” or “media personalities” to make an effort to participate–especially if they sign themselves up for service like Twitter. Or–worse yet–set up a forum on their own site! More often than not, over the years, the forum on KenRadio has either not worked or when it has, has almost zero participation from the host.

Ken Rutkowski often calls himself a broadcaster. He’s right–in the very old sense of the word. He broadcasts. There is very little attempt at engaging the audience directly. In fact, I think that’s the reason Ken doesn’t get Twitter. He doesn’t want to engage the audience.

Contrast this with someone like Leo Laporte or Cali Lewis. They interact with their audience, or at least they make a very honest attempt at it. Again, there’s no way I would expect them to be able to respond to all the emails they get, Tweets, or whatever. They actually try, though.

The bottom line: Ken asks us to engage him, but he doesn’t really engage us back. That’s old school broadcasting at it’s worst, and quite frankly, I’m done with it. I’ll miss the Ken and Andy banter–as well as some of the insight they offer. On the topic, though, there are plenty of other shows out there that cover similar topic and do a much better job at actually engaging with the audience.

Meanwhile, if you’d like to engage me on this topic because I’m either right or full of it, you know what to do. Unlike some people, I’ll respond!

Image via Wikipedia

Matthew Stevens, a.k.a. GadgetVirtuoso gives a few reasons he thinks Share on Ovi is a non-starter. His main complaints center around the fact that it’s an entirely Nokia solution with almost entirely Nokia people using it (i.e. not as diverse of a community).

While I can’t completely discount everything he says here, and you should take what I say with a grain of salt because Nokia pays my mortgage, here’s a couple of things worth pointing out about Share on Ovi that make it worth at least looking at.

It’s Not Just Nokia

While by far the best way to actually get things into Share on Ovi is using the Share Online 3.0 client built into several of the newer Nokia handsets (and downloadable for several others), one does not need a Nokia handset to make use of the service. In fact, for handsets where Share Online 3.0 isn’t an option, you can always send in your picks via email and they automatically go to the right channel. I’ve personally used this and it works well.

Also worth noting is the new, improved, mobile web interface at http://share.ovi.com/mobile. Cetainly don’t need a Nokia mobile phone to use it, or even a high-end mobile phone, but it doesn’t hurt.

Hard To Beat The Price

Free is a hard price to beat. I don’t expect Nokia to go away anytime soon, so I don’t feel like my photos might be at risk of being lost. Not that I keep my only copy of photos or movies on Share on Ovi, I upload only a few of them via the phone.

I Don’t Have As Much Flickr Tie-In

Since I primarily upload photos from my phone “on the go,” I don’t have as much need for the various Flickr third-party apps. I’d like to see some more third-party apps for sure, or at the very least an iPhone plugin for Share on Ovi developed by my comrades at Nokia.

Furthermore, I didn’t have a huge community of people on Flickr following me, at least that weren’t following me some other way. That place isn’t as sticky for me.

Easier To Get Photos Into Blog Posts

One feature I particularly like about Share on Ovi is that it is pretty easy for me to embed pictures I’ve uploaded to Share on Ovi into blog posts I do here on phoneboy.com and other places. They provide both HTML and “forum” type links for both medium and large picture sizes.

In practice, what I do is click in the text area for the one I want, usually the HTML for medium size, copy it to clipboard. I then go into a WordPress post, switch into HTML mode, pasting the forum HTML. I modify the given HTML a little and incorporate it into my blog posting. Note this technique works in other blogging services as well.

Why Do You Use It?

Let’s hear from you folks, why do you use Share on Ovi? Or why not? Post your comments here.