Why I don’t follow you?

Posted on by
Reply

I normally would follow back to people as a general rule, because I believe I could contribute to the content of the Internet. Based on this belief, I consider the more people follow me, the bigger an audience I can reach. The following set of tweeps I normally do not follow.

- You have hundreds even thousands of followers, but you have only a few tweets. This clearly tells me your followers are fake ones and I don’t care how you get them to follow you.

- You don’t have a profile or bio. I don’t know your purpose to use Twitter.

- Your only tweets are promoting your own business and they don’t contribute to the community.

- Early you followed me and I followed back, but later I found you unfollowed me. In that case, I would immediately unfollow.you. I think this is the basic mutual respect. If you don’t like my tweets, let me know. 

- Your only purpose is sex. 

- Your taste is low, or like to use bad language. 

The Security experts I follow on Twitter

Posted on by
Reply

My primary interests are cloud, social media, and security. Anything related to information, web, data, and computer security would attract my attentions. So I spent a lot of time to try to find what security experts research on and are interested in. So I compiled my own list of security experts. I watch their tweets daily and learn what they blog and talk about. It is a public list and you are free to follow (@fangfeng88/security). Here is the top 30 in the list (format is “name | @handle: blog site | job”):

Bruce Schneier | @schneierblog: http://wwwschneier.com/blog | the Chief Security Technology Officer of BT.

Graham Cluley | @gcluley: http://nakedsecurity.sophos.com/ | Senior Technology Consultant at Sophos

Mikko Hypponen | @mikko: http://mikko.hypponen.com/ | F-Secure Chief Research Officer

Eugene Kaspersky | @e_kaspersky: http://eugene.kaspersky.com/ | Chairman and CEO, Kaspersky Lab;

Luis Corrons | @Luis_Corrons: http://libertariansecurity.wordpress.com/ PandaLabs Technical Director -  Spokesperson

Christien Rioux | @dildog: http://www.sourceconference.com/ | Chief Scientist & Co-founder of Veracode

Kevin Mitnick | @kevinmitnick: http://www.mitnicksecurity.com/ | CEO, Mitnick Security Consulting LLC

Sean-Paul Correll | @lithium: http://pandalabs.pandasecurity.com/ | Threat Researcher at Panda Security and Founder of Malware Database.

Dave Marcus | @davemarcus: http://www.davemarcus.com/ Director of security research at McAfee Labs

E J Hilbert | @ejhilbert: http://www.kroll.com/solutions/cyber-security-information-assurance/ | Managing Director at Kroll Cyber Security and Information Assurance

Stewart Room | @StewartRoom: http://www.stewartroom.com/ | London-based lawyer practising in privacy, data protection and data security law.

Josh Corman | @joshcorman: http://blog.cognitivedissidents.com/ | Co-Founder of Rugged Software

Mike Dahn | @mikd: http://chaordicmind.com/ | Director of Threat and Vulnerability Management at PricewaterhouseCoopers

Aaron Portnoy | @aaronportnoy: http://dvlabs.tippingpoint.com/team/aportnoy | Manager of the Security Research Team at TippingPoint Technologies

Rafal Los | @Wh1t3Rabbit: http://hp.com/go/white-rabbit | Chief Security Evangelist at HP Software

Bill Brenner | @billbrenner70: http://www.csoonline.com/ | Managing Editor at CSOonline and CSO magazine, part of CXO Media and IDG Enterprise

Richard Bejtlich | @taosecurity: http://taosecurity.blogspot.com/ | Chief security office at Mandiant

Gene Kim | @realgenekim: http://www.realgenekim.me/ | Founder and former CTO of Tripwire, Inc

Alex Hutton | @alexhutton: http://newschoolsecurity.com/ | Director of Operational Risk at Verizon

Anton Chuvakin | @anton_chuvakin: http://www.chuvakin.org/  | Research Director at Gartner

Adam Ely | @adamely: http://www.adamely.com/ | CISO of Heroku at Salesforc.com

Brian Krebs | @briankrebs: http://krebsonsecurity.com/ | computer, internet security journalist

Christofer Hoff | @beaker: http://www.rationalsurvivability.com/blog/ | Chief Security Office at Juniper

George Hulme | @georegvhulme: http://www.linkedin.com/in/georgehulme  | Business & Technology Journalist

Martin McKeay | @mckeay: http://www.mckeay.net/ | Security Evangelist at Akamai

Eric Jacksch | @EricJacksch: http://jacksch.com/ | Ottawa-based security professional

Dan Mintz | @technogeezer: http://www.ourownlittlecorner.com/ | Chief Operating Officer at Powertek Corporation

Nick Shelby | @nselby: http://nickselby.com/ | CEO and co-founder of Cambridge Infosec Associates, Inc

Kenneth Smith | @ken5m1th: http://www.linkedin.com/in/1ksmith | Senior information security solution architect, GreenPages Technology Solutions

Thomas Wilhelm | @thomas_wilhelm: http://hackingdojo.com/ | the “Hacker Junkie”

Dave Lewis | @gattaca: http://www.liquidmatrix.org/blog/ | | security practitioner

I listed the top 30 names, but the Twitter list “security” contains more than 200 names, many of them are well-known security experts.

Gregory D Evans: the Hacker

Posted on by
Reply

Gregory D Evans is famous. He had appeared on TV shows, University platforms, security conferences keynote speakers. He’s an example of a soul coming back from the dark side. According to his own web site,

He reminds me of Skywalker from Star Wars. I kept comparing him with Anakin, the young Skywalker. Without a doubt, both Evans and Skywalker were extremely talented. At young age, they were able to master high difficult skills in their own fields.

Anakin became the best of Jedis though he was trained relatively late. He fought hard with his masters against the dark force, and won the love and blessing of Padame Amidala. However, gradually he became more and more obsessed with hatred and revenge, personal feelings overcame the duty as a Jedi. This was taken advantaged by Supreme Chancellor Palpatine, eventually became his tool to take down the Jedi temple and completely fell to the dark side, and transformed into Darth Vader.

Gregory started his hacking career since 7th grader. He broke into the school system to change fellow students’ grades for money. He stole money from banks, millions of dollars. He was self-claimed “World’s No. 1 hacker”, had been arrested and convicted felon by the FBI and law enforcement. It’s reported that he was charged to owe millions for his felony. He was also accused of plagiarism, fraud and unethical practices in the security industry. Many don’t believe he is who he claimed to be.

He had turned around since and now helps FBI to try to catch the bad guys, to educate public about cyber threats, and to give speeches about importance of cyber security. He’s the founder and CEO of security firm LIGATT, http://www.hitechcrimesolutions.com/.

Whether he is like what he was accused or not, it can be investigated and discussed. I don’t want to be judgemental here. What I want to say is that even you had been convicted in the past, you are still welcome to be on the right side of the fight. Your hacking knowledge may be invaluable. Continuously doing unethical hacking for personal gain will likely be considered as a threat to national security. Although you may say I am not a bad guy, real bad guys or even nation sponsored terrorists could advantage of the murky water to cause real damage or massive loss of life, like 911 type of attack.

Now is a critical time for security experts to form a strong alliance with former and current hackers who’s willing to participate in a constructive dialog, to create a strong defense to protect the nation and the Internet. Otherwise, we may really lose the war against cyber terrorists and hostile nations.

A picture is worth a thousand words

Posted on by
Reply

Yesterday, the keypad garage door opener stopped working. It’s apparent that the battery ran out. I tried to open it to replace the battery. The model of the garage door opener is Genie Intellicode wireless keypad opener. When the keypad cover was slid up, one can see the battery is in the compartment below the keypad.

How should I open the compartment? Do I have to ply somewhere to open it up? Do I have to take the entire unit down?

A Google search found several links. From Genie site, I found this link. If you search “replace battery”, you would find an answer without clear instructions, and there are no pictures given. So you don’t know whether that’s what you are looking for, and the instructions are not linked (“click here to..” didn’t give any hyperlink.).

eHow gave some instructions at here. I was grateful, but was stuck at step 2. What did they mean by “indentation”? If they gave an image like the following and say press the indentation at the red circle, it’s much easier to understand and there would be no confusions.

Once the cover is opened, it’s a no -brainer.

I don’t understand why sometimes people don’t take a little more effort to illustrate the procedure. This could save a lot of time for customers. I fully understand now “a picture is worth a thousand words.”

I am also document the process here, because I may forget this myself.

Twitter chats

Posted on by
Reply

Last night and tonight, I participated in two different Twitter chats, #pinchat and #blogchat. I  have gained a lot more yesterday than today. The main reason, too many people tonight.

Twitter chats are a very good way to learn some tools for doing social business and I had a lot of fun by chatting with total strangers. Soon enough, strangers become friends. When  there are not that many people in the chat, you can catch up easily and have time to retweet and reply to others. On the other hand, if there are many people, the tweets are running too fast. It’s almost impossible to follow. When you tried to reply or retweet, the entry quickly scroll down a screen or two.

After the chat, I went to http://hashtracking.com to get the statistics for this the chat hashtag #blogchat. It showed 1500 tweets. One can see, within 1 hour, at least 1300 tweets were posted, average less than 3 seconds per tweet. For a slow reader like me, it’s  like running 1500 meter with pros. I had to give up about half way.

 

Convenience in Customer Support

Posted on by
Reply

Today I was trying to run “yum update” on one of my RedHat 5 lab system when I saw the following exception appeared,

up2date_client.up2dateErrors.SSLCertificateVerifyFailedError: The SSL certificate failed verification.

I searched and found some solutions on RedHat support site. When I accessed the links, I was asked to login. Since I had never registered at the site, I decided to be a good citizen to register. After I went through their long Sign-Up procedure (15 fields) , I submitted the form, and I was thrown back to the same sign-up form without any error or warning. All the filled values are blanked out. I was really pissed off.

I am working in the customer support and understand how customers are frustrated when they have a problem. We would not only try to provide solutions into their hands such that they could resolve their issues quickly. So all of our answers and technical notes are open to public to view. They are also searchable on search engines, like Google, Bing, etc.

For high quality technical support, all your contents are created for your customers to read. I don’t see any reason someone has to register and log in to be able to read them. I understand you may want to have some statistics. If you are still using this login mechanism to count site visits, you are really way behind technology. I can understand some controls to be applied when downloading files from your site, because there are regulations that you have to follow.

I want to bring another point. Even you want your customer to login, you should seriously consider using widely used single sign-on solutions like OpenID, Facebook, Google, Twitter, etc. These are really easy to implement and customers will appreciate that.

Freedom of Expression

Posted on by
Reply

Today people are boycotting Twitter’s decision of selectively block some content posted through Twitter, due to some countries’ political views. I can understand why a lot of people’s outcry for freedom of speech and freedom of expression. At the meantime, I also understand why Twitter’s management has to make such decision to show their capability of blocking certain content. Whether they are going to actually do and how they would implement it, is still in question.

There are still a lot of countries on this planet in which people cannot speak freely. One can be jailed or lose his or her freedom by speaking out his mind. Many had even lost their lives when fighting for the freedom. Twitter could be used by the freedom fighters as such a tool.

Should Twitter support such a fight with some dissidents to the government or to violate the laws of a foreign country? Should Twitter take the risk of losing the opportunity to serve millions of their users just for a few political fighters? Sometimes business owners don’t want to get involved into such a fight. Twitter is a business tool, not political tool.

For many of us who had lived under totalitarian society, we understand the value of freedom of speech. Would you rather have the government completely close down your channel of communication, or have some compromise and less controversial argument? The change towards the freedom is a long road. It won’t happen overnight. I would rather take the fight in a more subtle way than directly. In this sense, I understand the decision made by Twitter.

Just yesterday, another news came from North Korea. The government is banning their citizens to use mobile phones, and label cell phone users as “war criminals”. Under such kind of conditions, if there is a choice, we should work hard to preserve any communication channel for the North Korean people rather than disrupting existing ones we might have in order to satisfy our so-called freedom.

On the other hand, I don’t know why Twitter has to tell the world they can do what they announced. It’s not necessary.