Archive for the ‘Tallahassee’ Category

Just an idea

Would anyone be interested in an every other month get together, for 2ish hours, where you would have 3 or 4 people give a 15 minute speech/lecture on a tech type topic and Q&A afterward? Think TED, but local Tallahasseeians giving mini-lectures on technology topics they find relevant. It could be anything they want it to be as long tech play a role in it.

Ideas:

  • Photography and how you use the web to show your work.
  • Digital creation through Photoshop.
  • How to get more followers on Twitter???
  • How to use Twitter to advertise and market.
  • The benefits of using open source technology.
  • How to Partition a RAID 0 disk array.
  • Using Web 2.0 Technologies and Social Media to be more efficient.
  • How to edit music with Audacity. Using technology to enrich church.
  • How to setup a Media Center PC in your Living room.
  • What makes a good password and how to keep your information safe while on line.
  • Spam and Scam how to protect yourself from phishing.
  • How to start a podcast.
  • Whatever………….

 

With the presenters permission we could film it and create a Channel on Youtube to share these presentations.

If you think this might be something that you are interested in please let me know by commenting below or Twitter me @verticalgambit

Advertisements

There are so many ways for government to waste money, but learning a little from social media websites, like Facebook, governmental offices could learn to solve problems through crowd sourcing existing staff from around the nation. The government has a wide range of technologies that it uses from Mainframes to SQL servers to Helpdesk software. Even though government agencies are very diverse, most have core sections (Finance and Accounting, Human Resources, Legal Department, Information Technology, and Specialized Staff found within the different divisions of government) that have similar technology support needs.

Technology Support Needs:

  1. Server Teams:

    1. Email

    2. File Storage

    3. Active Directory

  2. Database Engineers:

    1. SQL

    2. Oracle

    3. DB2

  3. Programmers:

    1. Java

    2. VB

    3. HTML

    4. SQL

  4. Network:

  5. Client Helpdesk Support:

    1. PC support

    2. Phone Helpdesk


With tightening budgets and layoffs, CIO’s are fighting a delicate balance of low staffing and still keeping a high level of customer service to the end users of the technologies they support. One way that could help with this dilemma is to have a social media website for government technology staff to bounce ideas off each other. If you look at websites like Facebook and Twitter, you will see that in today’s world, most questions can be answered by asking your friends online. With government there are issues that arise when looking for answers online. The first is that government has many policies when it comes to privacy. You cannot just ask, “What is the best way to encrypt Health information” to the general public.

Another issue is environment. The public sector has a lot more flexibility when it comes to install applications within a production environment. Purchasing requirements is another issue with government. There are times, which even thought the software you have been recommended will do the exact job you need, you cannot purchase it because of money or the company is not on the government approved vendor list.

Even with all the restriction put on the public sector there is still the opportunity to use the functionality of social media sites to enhance technology support within the government. I purpose that the government build a password protected, Facebook like, site where government employees can discuss issues with others government employees. A good example of where this could really work is within the core technology support areas.

A Government Technology site could not only help solve problems with common issues quicker, it could also save tons of money in time and resources. Let take for example email. This is the life blood of most communications within the public sector. By having 60 or 70 dedicated government email specialist from around the nation all in one group you could solve common issues much faster than calling a vendor for support (although I am not saying get rid of the vendor). Not only could you solve issues faster, but you can also help prevent them by discussing best practices with people that understand the constraints of government.

This only one way to integrate Web 2.0 in to government, there are many other applications that can be used to help organize and solve issues.

Here are the FINAL official results from this year’s election (also attached in a Word document in case you want a nice copy to print or send out).
In total, we had 6,498 ballots counted. (Please note, these will NOT match the numbers reported to the Democrat at 10:03, as we still had 26 hand count sheets to be added to our precinct tallies).

Thanks to all of you who helped out with this year’s election!

National: President and Vice President

John McCain and Sarah Palin 2,634
Barack Obama and Joe Biden 3,665
Ralph Nader and Matt Gonzalez 95

State: State Senator District 3

Charles S. Dean 1,760
Suzan L. R. Franks 2,106

County: County Commissioner At Large, Group 1

Akin Akinyemi 2,413
Ed DePuy
1,509

Nonpartisan Judicial: Circuit Judge, 2nd Circuit – Group 7 Lisa Raleigh
2,086 Frank E. Sheffield 1,744

Special Survey Questions:

Grades K-12:
Should school lunch options be limited to only healthy options, or
should students have the right to choose from a variety of options,
including junk food?

Healthy options only 1,764
Healthy options and junk food 1,888

Which of the following should be the State of Florida’s official state
bird?

Osprey 1,501
Snowy Egret
700
Great Egret
1,008
Black Skimmer 340
Brown Pelican 501

Grades 6-12:
Should students be required to pass the FCAT to graduate?
Yes
2,042
No
1,620

Should students be allowed to express themselves through words,
messages, and/or symbols on their clothing, even if it is offensive to
other students?
Yes
1,467
No
2,160

Should students be held accountable by school officials for the content
of their on-line web sites, such as MySpace and Facebook, if they are
engaging in on-line bullying of other students?
Yes
1,932
No
1,628

The presentation covered four key aspects of Social Engineering

  • Change Society – Make Cyber Crime a Bad Choice
  • Old School Social Engineering
  • Phishing: Greed and Fear
  • Post Phishing: key loggers
  • Spear Phishing

Change Society- Make Cyber Crime a Bad Choice

 

The presenter started off by prefacing his reasons for the current state of internet social engineering. To start changing the current status of the internet environment the presenter suggested a change in the way society cyber crime. He stated two main reasons Phishing scams are so prevalent on the internet. The First reason is the lack of sufficient laws to prosecute criminals. The Second is the insufficient sentencing of social engineering crimes. For example, if someone robs a bank they could get a twenty year prison sentence, but if they steal your credit card information over the internet they normally get a slap on the wrist. This inconsistent administration of laws makes it an easy choice for criminals to committing cyber crime with little chance of severe consequences.

Suggestion to change the current state of Cyber Crimes:

  • Better laws enforcement technologies, tools, and training
    • Need to have dedicated study (college, community college, trade school)
    • Need to have more money invested technology to help prevent and catch cyber criminals
  • Stronger laws and punishment against cyber criminals
    • Local, state, and federal government need to take a look at stronger law to change the mentality of cyber criminals
  • Raise awareness to reduce victim pool
    • Information Technology Departments or tech savvy users should make people aware of dangers that social engineering.
    • People should be praised for making right choices
      • Incentives should be given (give away a $10 dollar gift card (randomly selected) to lunch once a month for anyone that helped deter a potential security infraction)

Old School Social Engineering

“Old school social engineering” the presenter showed a picture and asked the audience what they saw.


 

A lot of the audience said a doctor. The presenter then told how our preconceived notions can mislead us. The picture above, for his example, is a criminal who dressed up as a doctor and then talked his way in to the hospitals network closet. Once inside the closet he installed a key logger to collect user’s passwords.

Social Engineering is not about having brilliant technology skills to crack high levels of encryption. Social Engineering is about using a moderate level of technology skill and charismatic personalities to crack the weakest link in security, the human element. The doctor example above is just one way show how social engineers can gain access to important information. Another way is for someone to call the companies helpdesk and talk them in to resetting a user password to allow the criminal to login to the system.

He also brought up a good point that the one of the most dangerous individuals’ in an organization maybe the lowest level employee. Often in large organizations there are employees that only last 3-5 months. These entry level positions often have access to more sensitive information than CEOs. Social Engineers will try to offer these employees vast amounts of money to copy sensitive information for them.

 

Phishing: Greed and Fear

Since the internet has become such an engrained part of society, this has made an easy target for cyber criminals. People have started to use the internet for banking, talking to friends, storing health records, talking about personal information, using public email for business purposes, ect… With email becoming the standard for communication within businesses, it has also become ground zero for the social engineering technique known as Phishing.

Phishing: A type of scam with the intent of capturing personal information such as Social Security numbers, online banking user identification numbers, debit and credit card account numbers, and passwords.

Greed Phishing: this phishing style is used by offering people incentives for filling out information. A common greed phishing scam is to send an email that looks like your bank sent it asking people to fill out a questionnaire to receive money. People receive and email that looks like a customer review form from a bank. At the end of the customer survey you are asked to give you account number and password so the bank can deposit money.

Fear Phishing: this is the most common style of phishing. Fear phishing uses emails to scare people to quickly access their account.


The email above is an example of how scammers get unassuming people to rush to what they believe to be their banks website (through the link inside the email). When a customer attempt to login to the fake site the cyber criminals get all applicable information to steal the customer’s money and identity.

There are a couple ways to prevent this type of phishing scam.

  1. Do not use links within emails to access websites. Open a web browser and navigate to the website directly.
  2. Check the URL of the website you are logging onto. If the URL address is not familiar do not give any of your information.

Post Phishing

Post Phishing is very similar to the fear phishing scams listed above, except it is software driven. It uses key loggers to wait until people login to an actual account and then send the login information to the social engineers. Key loggers are normally distributed through websites by using links within phishing emails. If the user clicks on the links within a post phishing email it could send you to a website that would infect you machine with malware.

Spear Phishing.

Spear Phishing: combines using emails and key loggers to get information for a specific target. Spear phishing is an e-mail spoofing fraud attempt that targets a specific organization or a person. As with the e-mail messages used in regular phishing expeditions, spear phishing messages appear to come from a trusted source. Phishing messages usually appear to come from a large and well-known company or Web site with a broad membership base, such as eBay or PayPal. In the case of spear phishing, however, the apparent source of the e-mail is likely to be an individual within the recipient’s own company (spoofed email address) and generally someone in a position of authority.

According to an article in the New York Times, spear phishing attempts are not typically initiated by “random hackers” but are more likely to be conducted by “sophisticated groups out for financial gain, trade secrets or military information.”

Here’s one example of a spear phishing attack: The perpetrator finds a Web site for a targeted organization that supplies contact information for employees and other relevant data about the company. Using available details to make the message seem authentic, the perpetrator drafts an e-mail appearing to come from an individual who might reasonably request confidential information, such as a network administrator. Typically, a spear phisher requests user names and passwords or asks recipients to click on a link that will result in the user downloading spyware or other malicious programming. The message employs social engineering tactics to convince the recipient. If a single employee falls for the spear phisher’s ploy, the attacker can masquerade as that individual and gain access to sensitive data.

(Courtsey of http://searchsecurity.techtarget.com/
)

The presenter gave a similar scenario where a personalized email is drafted to the CIO of a technology company. The email uses information found in public website to depict a plausible reason for the sender to have an attached picture. The CIO reads the email and thinks the picture attached is of his daughter making a great play at her soccer game (found by reading the daughters blog). Once the attachment is opened a key logger is installed on the CIO’s computer.

Closing Thoughts

The presentation was very informative. Although I have heard of phishing the examples given helped greatly to understand how phishing scams really work and some of the motivation that drive people to fall for these scams. I would suggest that if given the chance everyone should be take a class on the dangers of phishing schemes. Also, look to implement a reward type system, even if it is just public kudos, within the department for people who help deter Social Engineering schemes.

Business Mashups FGTC 2008

Posted: September 26, 2008 in Tallahassee, Technology

Business Mashup

Mashups take numerous data sources combined and layer them together to form an informative presentation that can deliver services tailored to individuals. The presenter used the book “The Long Tail” as an explanation to the shift from mass production of generic stuff to niche markets.

“The Long Tail, in a nutshell

The theory of the Long Tail is that our culture and economy is increasingly shifting away from a focus on a relatively small number of “hits” (mainstream products and markets) at the head of the demand curve and toward a huge number of niches in the tail. As the costs of production and distribution fall, especially online, there is now less need to lump products and consumers into one-size-fits-all containers. In an era without the constraints of physical shelf space and other bottlenecks of distribution, narrowly-targeted goods and services can be as economically attractive as mainstream fare.

Courtesy of http://www.thelongtail.com/about.html

The graph above is divided in half, the first half (red) is made up of the most popular products, while the second half (yellow) is more niche products. To make this graph more understandable, The Presenter altered the words within the graph to give an example that everybody could understand.

Scientist ran a study on thousands of books that have been scanned in to computers and to find out what were the most common words used in the English Language. Through their study they learned that 50 % of the printed English language consisted of only 137 words. After the 137 most common words, there was a leveling off in to regional or Niche word within the rest of their scanned information. When put in to a graph it looks like the above. The presenter explained that this example demonstrated that the need for a more diverse section of content (yellow) that can be “Mashup” with the vastly more popular, but smaller, main content (red).

Zillow.com was used as a real world example show how combining niche information with globally accepted formats.

Zillow.com: is an online real estate service dedicated to helping you get an edge in real estate by providing you with valuable tools and information. Zillow can overlay recent home sales information (cost of home, mortgage rates, and monthly mortgage payments) which is niche information for only those interested in buying homes, with map technology that most people use.

Another example of using Mashups was submitting a leave request for work. Normally, when an employee submits a leave request an email would be sent to their boss, she/he would approval or deny without any knowledge of how much leave the employee had left. The employees request then would be sent to the HR department for recording the hours of leave taken. If there is not enough leave time on the books it presents a problem for the employee and the boss.

With a Mashup from the HR database when the employee submits a leave request it would have showed that there was only 7 hrs leave. The application would not have allowed the employee to send the request for time off.

Web 2.0 Technologies FGTC 2008

Posted: September 26, 2008 in Tallahassee, Technology

Web 2.0 Technologies is hosted by Joe Clark, Florida State University. Joe works at the Center for Teaching and Learning

Joe talked about a lot of major Web 2.0 companies like YouTube.com and Facebook. His main emphasis was on taking user generated content of websites that can be used as a model for building unique and inventive ways to get content to users. He showed examples of how Web 2.0 are good at getting the information out to a broad audience, but also how to use the feedback from comments because it can be vital source of information too. The sites below have multitudes of user generated information using simple tagging to very specific Meta-Data to categorize content.

RSS Feeds– RSS (Really Simple Syndication) is a format for delivering regularly changing web content. Many news-related sites, weblogs and other online publishers syndicate their content as an RSS Feed to whoever wants it. RSS solves a problem for people who regularly use the web. It allows you to easily stay informed by retrieving the latest content from the sites you are interested in. You save time by not needing to visit each site individually. All your information aggregated into on manageable location using an RSS Reader.

Del.icio.us – How Delicious is a social bookmarking service that allows users to tag, save, manage and share web pages from a centralized source. With emphasis on the power of the community, Delicious greatly improves how people discover, remember and share on the Internet.

SlideShare.netSlideShare is the best way to get your slides out there on the web, so your ideas can be found and shared by a wide audience it is to Power Point’s what YouTube is to video. Help with user feedback, save exchange space having it stored in one accessible location.

Twitter– Users blast small 140 character messages good for quick broadband communication to interested parties. It can also send SMS message every time someone sends a Twitt.

Flicker – Photo sharing

YouTube.comHosts user-generated videos. Includes network and professional content. YouTube’s Tag line is “Share your videos with friends, family and the world”.

The concept of Web 2.0 is that friends, colleges, even strangers list and share information in a real time environment can lead to a greater understanding of a topic being discussed or just entertain.

 

In the presentation Joe showed how Ning.com which allows the user of popular Web 2.0 sites (Twitter, Flicker, blogs, ect.) to contribute specialized information that is aggregated through rss feeds onto one specially designed website. The example Joe share with us was the http://www.hurricanes08.org/ which is a user website that is built on the ning.com platform and ported huricanes08 web address. This site shows how using multiple data streams can be pulled in to make a very informative website. This particular site listed: Important Links and Contacts Latest Hurricane (static links that were places at the top of the page), Latest Hurricane News (rss news feed), Hurricane Maps (based off Google Maps and live NOAA weather info), Twitter (locals on the ground in the storm), Blog post (rss feed based on key words), Videos( YouTube), Pictures (Ficker), and other information sources.

I will be going to the today and tomorrow. The theme this year is “Government IT Saving Green by Going Green” (see banner below)

Currently I am schedule to see five “breakout sessions” and hopefully one Keynote tomorrow.

Tuesday, September 23, 2008

1:00 pm – 2:00 pm 

Web 2.0 Technologies
Joe Clark
Florida State University,
Center for Teaching and Learning

2:15 pm – 3:15 pm 

Business Mash-Ups
Kevin Parker
Serena Software

 

Wednesday, September 24, 2008

8:30 am – 9:30 am 

The Rising Threats and Vulnerabilities of Businesses and Organizations Through the Use of Social Engineering with Basic Hacking Skills
Denise Stemen
Supervisory Special Agent with the FBI Cyber Division
Infraguard and Agency for Enterprise Information Technology

The ITIL Journey: Tales from the Road (Alterative Class)
Coleen Birch
itSMF Local Interest Group

 

9:45 am – 10:45 am 

Proven Integration Strategies for Government
John Jamieson
Hewlett Packard

 

1:30 pm – 2:30 pm 

Business Intelligence Trends & Successes: Government Dashboards and Visual Presentation of my Key Data
Guy Cavallo, Microsoft Corporation

 

Hopefully I will be able to blog a little about them all. Also, I hope gets some pictures from the vendor exhibit hall floor. Today I am going to sit in on two of my favorite topics, Web 2.0 and Mashups. I am really hoping that there will be some interesting material covered that I can take back and introduce to my management. I suspect that since this a government conference there will not be any Bleeding Edge Technology shown, but maybe I can see some established Web 2.0 tech being used in a way that is conducive my government agency’s directive.

 

For more information on the Florida Government Technology Conference 2008 please visit the website: http://floridagtc.com/index.cfm

A conference program that list the schedule of all activities and Keynotes can be found here: http://floridagtc.com/conferenceProgram08.cfm