High Five for Week Ending 18-Apr

Published on April 18, 2010 by in High Five


Weekly High Five lists the most interesting, compelling, and/or useful links of each week.

This week’s High Five theme is, “What’s a Developer to Do?”

#5: Grou.ps And Grouply Welcome Ning Refugees

The free social networking site Ning announced this week that it will not be free for much longer.  After arguably accepting too much VC investment, it ostensibly finds itself under pressure to recognize more growth than their current freemium model will allow.  They will be requiring existing networks to upgrade to one of their paid services over the next couple of months, during which Grou.ps and Grouply are more than happy to fill the void.

Link: TechCrunch

#4: Holy Cow Did Twitter’s Top Investor Drop A Bombshell On Twitter App-Makers Today

In a move characterized by many as eating its young, Twitter investor and Union Square Ventures partner Fred Wilson fired a warning shot across the bow of thousands of developers.  A major factor in Twitter’s success has been the ecosystem of client applications that sprang up like merchants in a gold rush town.  Now, the mine has struck gold and the owner is hinting that it will open its own general store, bank, and stagecoach service, possibly shuttering some of the very businesses that made its success possible.

Link: Business Insider

#3: Adobe: “Go Screw Yourself, Apple”

As many people are now aware, a clash of the titans is playing out between the tech giants Adobe and Apple.  The long-standing feud broke out into a war when the iPad was launched without support for Adobe’s Flash technology.  The war intensified when, according to Adobe platform evangelist Lee Brimelow, Apple demonstrated its “tyrannical control over developers…more importantly, wanting to use developers as pawns in their crusade against Adobe.”  Apple’s strategies in this war are a case study in leveraging the application platform to lock down market share.  Indeed, it is forcing software developers to choose sides.

Link: TechCrunch

#2: Apple Adobe War: How Adobe Screwed Itself

From “Screw You, Apple” to “Adobe Screwed Itself,” the debate on both sides is raging with respect to Apple versus Adobe.  This article makes the argument that Adobe had its chance to create a true partnership back in the days when Apple needed a friend or two.  Now that Apple is on top, argues the author, Adobe should not be surprised at Apple’s Karmic response.

Link: Web Guild

#1: A Marketer’s Guide to HTML5

Given all of this tumult between Apple and Adobe, how do the rest of us avoid getting dragged into a land war in Asia?  Unfortunately for Adobe, the low risk position is to embrace HTML5.  As this article points out, there are other benefits to this platform besides making your site compatible with the Apple platform.

Link: Hubspot

Feel free to provide your thoughts and/or contributions…


High Five for Week Ending 18-Oct 2009

Published on October 18, 2009 by in High Five


Weekly High Five lists the most interesting, compelling, and/or useful links of each week.

Today’s post is the first in a new weekly series that will be called “High Five,” in which I will list the five most interesting, compelling, and/or useful links from each week.  I know, it’s an annoyingly uncreative name but you’ll have to put up with it.  I wasn’t simply being lazy; it was somewhat deliberate on my part.  The reason is that when you’re trying to build brand recognition (as I am here on DomesticatingIT), I think you can run the risk of being “too creative” in some cases.  Sometimes, giving something a quickly, easily recognizable name that augments your existing brand works too.

Having said that, on with the show…

The theme of this week’s High Five is “cautionary tales.”  Four of the five links are to stories or announcements regarding the effects of Web 2.0 on “traditional” means of communication.

#5: Shameless Self-promotion

The first link is a shameless self-promotion for the new DomesticatingIT fan page on Facebook.  But hopefully you’ll simply recognize this as practicing what I preach; Be Authentic, Relentless, and Everywhere.

http://twitter.com/domesticatingit/status/4835717315

#4: The End of the Email Era

This article generated a fair amount of chatter on Twitter.  While I do think the title of the Wall Street Journal article (Why Email No Longer Rules…) may overstate the case a bit for the sake of sensationalism, it makes an important point.  It’s also a point that I harp on in many of my social media presentations; the communication landscape is changing as anyone with teenage or college age children knows.  My daughters’ primary means of communication are text messaging and Facebook updates (in that order).

http://online.wsj.com/article/SB10001424052970203803904574431151489408372.html

#3: Judge: Cellphone Ringtones Are Not Concerts

I am fascinated by the recording industry’s ongoing declaration of war against its own customers and this article is an example of its unbridled arrogance and avarice.  What organization (other than our government) thinks it’s OK to charge people twice for the good or service?  Of course, there is that old adage about software development; “You pay us to put the bugs in, and you pay us to take the bugs out.”

http://www.wired.com/threatlevel/2009/10/judge-mobile-phone-ringtones-are-not-concerts/

#2: Google Wave Explained

This is a nice, short video that provides a simple (albeit abridged) explanation of just what Google Wave is.  I’ve just secured a Google Wave invitation and will surely be blogging about this in the future.  Be forewarned; this is a game changer and it deserves your attention.

http://holykaw.alltop.com/google-wave-explained-11?c=1

#1: ISA replaces annual expo with new knowledge-based event

This is an important article regardless of whether or not you have any interest in the International Society of Automation.  The ISA announced that it will be replacing its trade show exhibition with an event more focused on “knowledge.”  I made my thoughts known on Gary Mintchell’s blog, so I won’t recount them right at this moment.  The more universal point here is that we are seeing another example of the Web 2.0 world imposing its will on traditional platforms for marketing, communication, and collaboration.

http://www.automationmag.com/200910132568/ma-content/industry-news/isa-replaces-annual-expo-with-new-knowledge-based-event.html

Feel free to provide your thoughts and/or contributions…


How to Spot Phishing

Published on January 4, 2009 by in Best Practices, How To


Phishing is a deceptive tactic used in emails, on bogus web sites, and in other communication media to convince people to click on a link that typically takes the user to an impostor web site. These cyber attacks generally attempt to accomplish one or both of the following:

  • Surreptitiously obtain personal account information
  • Plant virus and/or worm programs on the machine

Phishing is considered to be a “social engineering” cyber attack because it relies on tricking or deceiving humans into doing something they don’t realize they’re doing (see “The Hacker as a Magician”). This contrasts with exploits, which rely on shortcomings or defects in computer firmware or software to accomplish their nefarious objectives.

There are two common link manipulation tactics used that are easily recognized if you know what to look for…

Tactic #1: WYSINWYG

“WYSIWYG” is an acronym for What You See Is What You Get and is commonly used to describe software programs with an intuitive, graphical user interface that gives an accurate visual representation of the final rendering of some sort of content. In this case, I’m coining a new acronym: What You See Is Not What You Get. This is because the first common misdirection tactic used in Phishing is to display a legitimate URL (uniform resource locator) address that, in fact, points to a completely different address.

In order to understand how this works, here is a very quick and dirty introduction to how links are built in HTML. You’ll notice that there are various links scattered throughout this article that are plain English words that can be clicked.  As an example, the code for creating “Click here to visit my blog” looks something like this:

Click <a href="http://domesticatingit.com">here</a> to visit my blog.

When your browser sees this code, it composes a link to the address pointed to in the “href” attribute (in this case, “http://domesticatingit.com”) but only shows you the word “here”. Phishing attacks frequently rely on displaying a link that appears to be a legitimate address but isn’t. Consider the following screen shot:


Example Phishing email

This is an example from Microsoft’s web site of a common technique that Phishing attacks use to obtain online banking credentials. The text displayed in the email (#1) displays the legitimate URL for this fictitious bank’s login page. However, hovering over the link in Microsoft Outlook reveals that the actual address (#2) is a completely different address. There are three observations to make in this example:

  1. The displayed address and the actual address are different. This is a huge red flag and should make you extremely suspicious.
  2. The displayed address is a secure (i.e. “https”) URL, and the actual address is not. Again, this is a red flag.
  3. The actual address is an IP address instead of a domain name. While there are occasionally legitimate reasons for doing this, it is another red flag that makes the link questionable.

In most software programs, hovering over a link will display the actual address either in a status bar or as balloon text below the link. Here’s an example from my Gmail account (using Firefox 3) that illustrates how to see where the link in an email is going to take you. The cursor is hovering over the “Review Legal Agreements” text and the status bar in the lower left hand corner displays the “href” attribute of the link.


Example of email link previewing

If for some reason hovering over the link does not reveal the destination address, you can usually right-click on the link and select “Copy Link Address” and then paste into Notepad in order to check it.

Bottom Line: Look before you leap.

Tactic #2: Sneaky URLs

Another tactic employed in Phishing attacks is to use URLs that, at first glance, appear to be legitimate because they include the real web site’s name somewhere in the URL. A recent Phishing attack aimed at Twitter users employed this approach to steal logins by using “twitter.access-logins.com” for the domain. Many people are fooled into believing this is legitimate simply because the word “twitter” appears in the address. It is further legitimized by rendering a near-perfect forgery of the real web site:


Twitter Phishing forgery

The reality, however, is that entering your login credentials on this site causes them to be logged to a hacker’s database; the hacker then uses the compromised accounts to send direct messages to other Twitter users.

This deception works because the address used directs a browser to the “twitter” subdomain of the “access-logins” web site. Without diving into a full-blown tutorial on how host names are constructed, suffice it to say that you need to read host addresses from right to left in order to understand how they are qualified. The right-most portion of the address is “com”. The next portion of the address, “access-logins”, is the actual domain name. The WHOIS registrant for this domain turns out to be:

Registrant:
  Organization   : zhang xiaohu
  Name           : zhang xiaohu
  Address        : changningzhonghuainanlu192hao
  City           : changning
  Province/State : Hunan
  Country        : CN
  Postal Code    : 421500

Bottom Line: Parse that address – make sure the two right-most components are correct (e.g. “twitter.com”).
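The right-to-left reading can be written down as a short check. This is an added example, not part of the original article, and it goes one step beyond the two-component rule: some suffixes (such as “co.uk”) span two labels, so the domain name is the third label from the right. The small suffix set below is a constructed stand-in for the Public Suffix List, and the function names are illustrative.

```python
from urllib.parse import urlsplit

# Assumption: a tiny constructed stand-in for the Public Suffix List, which
# real code should consult. These suffixes span two labels, so the
# "two right-most components" rule needs a third label for them.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}


def registered_domain(url):
    """Read the host right to left and return the registered domain."""
    # urlsplit lowercases the host; a trailing dot is valid DNS syntax.
    host = (urlsplit(url).hostname or "").rstrip(".")
    labels = host.split(".")
    keep = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:]) if len(labels) >= keep else host


def is_expected_site(url, expected_domain):
    """True only when the link's registered domain is the one expected."""
    return registered_domain(url) == expected_domain.lower()
```

For the address discussed above, `registered_domain("http://twitter.access-logins.com/")` returns “access-logins.com”, so the check against “twitter.com” fails no matter what appears to the left of it.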

Feel free to add your hints and suggestions in the comments below.  Also, forward this article to anyone you know who might be vulnerable to these tactics.  You can find more advice on avoiding Phishing scams on Fraud.org.
