Archive for February, 2009

Tech Review – Telephones

February 27th, 2009 Josh No comments

This blog is about technology, business and security, and even though telephones are older technology, they are still technology.

Earlier this week, I received a phone call.  As I was busy, it went to voice mail. Upon checking it, I heard the following:

Hi, this is Travis.  Calling about full time and part time work.  555-555-5555.

First of all, I do not know Travis.  Secondly, I do not know if Travis was looking for work or looking to hire.  Third, I have no idea what company Travis is representing (or if he even is).  I returned his call and left a message with my name, company, reason for calling and a contact number.

This morning, my phone rings and the following conversation ensues:

  • Phone: Ring Ring
  • Me: "This is Josh"
    • Note, I deliberately answer the phone this way, because many of the automated systems listen for a "hello" or a "yes".  It's also a good way to put people off their guard and give me the upper hand in case they're trying a scam.
  • Phone: Pause
    • This indicated to me that I was being called by a machine.
  • Travis: "Yes, I'm looking for Josh"
    • I just told him who I was.  This tells me that he's not listening.
  • Me: "This is Josh"
    • Note, making me repeat myself is not a good way to start a conversation or a relationship.
  • Travis: "I think I received a call from this number looking for part time work"
    • OK, first of all, his message was full or part time work, so he's changed his story.  Second, he clearly doesn't know who he's calling.  Third, I have some doubts as to whether he's actually listened to my message.
  • Me: "May I ask who is calling?"
  • Travis: "Travis"
    • Uh huh.  Either this guy is utterly clueless or there's some sort of scam going on here.
  • Travis: "Are you looking for part time work?"
    • Yes, as a matter of fact, I am.  In fact, I don't even care what the work is, where it is, when it is, or how much you pay.
  • Me: "Um, what kind of work?"
  • Travis: "Well, we're in the health care industry"
    • Right.  Are they a hospital?  Are they looking for nurses, doctors, janitors, receptionists?  Maybe they do health insurance.  Maybe they run around breaking people's kneecaps and then driving them to the ER.  So many options, so little time.
  • Me: "I work in I.T."
  • Travis: "Umm, err"
    • At this point, I decide to let him off the hook, as I'm busy and have real work to do.  Even if he is trying to scam me, I don't have the time or legal authority to set a trap for him.
  • Me: "I suspect that you have the wrong number.  In the future, it would be useful to know which company you represent and what sort of work you are referring to."
  • Travis: "Thanks for the tip!"
  • Phone: Hang Up

The telephone is a form of electronic communication, much like email, blogging, IM and Twitter.  As with all forms of communication, there is a minimal standard of etiquette as well as a layer of etiquette that is technology-specific.  In this case, were Travis a legitimate caller, he should have given me his company name and a reason for his call in his initial message.  That would have given me the information necessary to return his call and leave a message indicating that he had dialed the wrong number.  That would have been much more efficient for everyone involved.

Also, were Travis a scammer, he should have researched me before calling me (I'm not difficult to find) and constructed a scam that would have appealed to me.  Odds are "I need help with my computer" would have sufficed.  At that point, we could have had a conversation about the type of work I do, which would have enabled him to better tune the scam at getting either free work or money out of me.

By not following the appropriate form of social etiquette for the communication medium, he tipped me off that there was something hinky going on.  Much like misspelled words in email, poor (or perfect) grammar in spam, or letter-abbreviations in instant messages, a variance from established social convention is often the first tip we get that a security violation is taking place. Watching for those is the best way to protect yourself against scams and shady business dealings.  It's also a good way to recognize business errors before they start to take too much of your time.

In case you need one, there are many phone etiquette guides.


Categories: Business Security

Small Business Defense – Remote Logging and Analysis

February 26th, 2009 Josh No comments

The first thing to realize when it comes to protecting your logs from attackers is that if the logs aren't there, they can't be attacked.  At a minimum, you should consider setting up a remote logging server.  This does not have to be a brand new top-of-the-line server.  It can be an older server, a workstation or a virtual machine.  The big thing to keep in mind is that it will need a lot of disk space.  Depending on your network, it may also need a very fast network connection.

A nice free option to use is syslog.  It's not as user friendly as some of the commercial systems, but you can't beat the price.  For this tool, you just install one of the syslog-compatible systems on your remote server and configure each of your other systems to log to it.  There are Windows tools and guides so you can capture those logs as well.

Of course, there are some commercial options as well.  These often include enhanced tuning and searching.  Splunk, Snare and LogLogic are known in the industry.

The second thing to consider when looking at logs is that you actually have to look at them.  Remote logging may get the logs away from the attacker, but if it also gets them away from you, they're not terribly effective.  Most of the log management tools fall into three categories:

  • those that find problems and alert you
  • those that let you search the log
  • those that help you visualize the data.

Before looking at any of the many tools out there, ranging from application-specific to purpose-specific to problem analysis, you should first consider what you care the most about.  Logging involves a lot of data, and if you start with alerting before you tune anything, you'll be drowning in it.  Similarly, it doesn't make much sense to put considerable analysis time into an application that isn't business critical.

Instead, it's best to start by getting all of your logs in one place, and focusing on doing that well.  That's a large project in and of itself. Once that's done, start looking at the sizes of the log files that you're creating and work on reducing them. Odds are that at least one of your logs was set to maximum verbosity for testing something and never set back. Once you know that all of your logs have the data they need in them and as little garbage as possible, start with the biggest and look for a free tool that helps you pull out the important information. Then, move on to the next. Yes, it will take a lot of time and many tools. It may not look pretty, but it will work.

And, after all, working is what matters the most.

Then, later, once you have a greater level of inspection than you've ever had, you'll know enough to seriously consider the big log management players. There's no point in spending lots of money until you know what you're spending it on.
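The "find the biggest log and the one left at maximum verbosity" step described above can be scripted once everything lands on one server. This is an added example, not code from the original post; it assumes the collector stores each line with its RFC 3164 `<PRI>` prefix, and the function name and sample lines are made up for illustration.

```python
import re
from collections import defaultdict

# Assumption: the collector keeps the RFC 3164 "<PRI>" prefix on each stored
# line. PRI = facility * 8 + severity, and severity 7 is "debug".
WIRE = re.compile(r"^<(\d{1,3})>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d (\S+) ([^\s:\[]+)")

# Constructed sample lines (not taken from a real system).
SAMPLE = [
    "<191>Feb 26 10:00:01 app01 billing[2211]: DEBUG cache lookup key=a1",
    "<191>Feb 26 10:00:01 app01 billing[2211]: DEBUG cache lookup key=a2",
    "<191>Feb 26 10:00:02 app01 billing[2211]: DEBUG cache lookup key=a3",
    "<190>Feb 26 10:00:03 app01 billing[2211]: invoice batch complete",
    "<38>Feb 26 10:00:04 web01 sshd[812]: Accepted publickey for josh from 10.0.0.5",
    "<38>Feb 26 10:05:10 web01 sshd[812]: Connection closed by 10.0.0.5",
]


def noisiest_sources(lines, debug_threshold=0.5):
    """Rank (host, program) pairs by bytes logged and flag debug-heavy ones."""
    totals = defaultdict(lambda: [0, 0, 0])  # bytes, lines, debug lines
    for line in lines:
        m = WIRE.match(line)
        if not m:
            continue  # skip anything that is not in the assumed format
        pri, host, program = int(m.group(1)), m.group(2), m.group(3)
        entry = totals[(host, program)]
        entry[0] += len(line.encode("utf-8"))
        entry[1] += 1
        entry[2] += 1 if pri % 8 == 7 else 0
    # Biggest producers first, so tuning effort goes where the volume is.
    ranked = sorted(totals.items(), key=lambda kv: kv[1][0], reverse=True)
    return [
        {"host": host, "program": program, "bytes": size, "lines": count,
         "debug_share": debug / count,
         "too_verbose": debug / count >= debug_threshold}
        for (host, program), (size, count, debug) in ranked
    ]


if __name__ == "__main__":
    for row in noisiest_sources(SAMPLE):
        print(row)
```

Many collectors drop the `<PRI>` prefix when writing to disk unless told to keep it, so check the stored format before trusting the debug share.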


Small Business Attack – Changing Logs

February 25th, 2009 Josh No comments

In I.T., we love logs.  They're organic, they float, they burn and you can build houses out of them!  Of course, we like the other kind of logs as well.

The kind of logs I want to talk about are the ones that keep track of what's going on with your systems.  They are intended to make it easier to reconstruct strange behavior and trace issues between systems. System administrators will check the logs to see if there are problems involving CPU, memory or disk usage. Network administrators can use them to trace network congestion and connectivity issues. Developers can use them to find out why certain programs aren't functioning properly. Also, security professionals can use them to help identify attackers and how far they penetrated a system or network.

At least, in theory we can. There's one problem: attackers can write logs too.

A common technique that attackers use is to erase or modify the logs after they successfully compromise a system. They can cover up vulnerabilities, erase their tracks and make things appear to be running OK even when they're not. They can also read the logs and use the information in them to identify other targets.

If you have a system that is backed up on a regular basis, an attacker can find those logs and use them to identify the backup server. Once they know that, they can focus their efforts on getting the data that's over there. They can use logs to identify which users might have elevated permissions on other systems. They can also use them to determine what "normal" activity looks like, so they can hide their activities in places you can't find them.

Like many things, it's a double-edged sword.

You need the logs, because they're useful to you, but they're also useful to the attackers, so what can you do?
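Erased or modified entries become visible once a second copy of the log exists somewhere the attacker did not reach. The following is an added example, not code from the original post: it compares a host's local log with the copy held elsewhere, and the function names and sample lines are constructed for illustration.

```python
from collections import Counter

# Constructed sample: what a separate collector received from host "web01".
REMOTE_COPY = [
    "Feb 25 03:11:02 web01 sshd[812]: Failed password for root from 192.0.2.44 port 50122 ssh2",
    "Feb 25 03:11:09 web01 sshd[812]: Accepted password for root from 192.0.2.44 port 50122 ssh2",
    "Feb 25 03:15:00 web01 cron[77]: (root) CMD (run-parts /etc/cron.hourly)",
]
# Constructed sample: the same period as found on web01's own disk.
LOCAL_COPY = [
    "Feb 25 03:11:09 web01 sshd[812]: Accepted password for josh from 10.0.0.5 port 50122 ssh2",
    "Feb 25 03:15:00 web01 cron[77]: (root) CMD (run-parts /etc/cron.hourly)",
]


def header_of(line):
    """Timestamp, host and program tag: the part an edit usually leaves alone."""
    return tuple(line.split(None, 5)[:5])


def compare_logs(local_lines, remote_lines):
    """Classify differences between the local log and the remote copy."""
    local = Counter(l.rstrip("\n") for l in local_lines)
    remote = Counter(l.rstrip("\n") for l in remote_lines)
    missing = list((remote - local).elements())  # seen remotely, gone locally
    extra = list((local - remote).elements())    # on disk, never seen remotely
    extra_by_header = {}
    for line in extra:
        extra_by_header.setdefault(header_of(line), []).append(line)
    report = {"erased": [], "modified": [], "local_only": []}
    for line in missing:
        candidates = extra_by_header.get(header_of(line))
        if candidates:
            # Same timestamp, host and program but different text: an edit.
            report["modified"].append((line, candidates.pop(0)))
        else:
            report["erased"].append(line)
    for leftovers in extra_by_header.values():
        report["local_only"].extend(leftovers)
    return report


if __name__ == "__main__":
    for kind, items in compare_logs(LOCAL_COPY, REMOTE_COPY).items():
        print(kind, items)
```

Lines in `local_only` are not proof of tampering on their own, since syslog over UDP can lose messages in transit; `erased` and `modified` entries are the ones to investigate first.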


Categories: Business Security

Security lessons from Nature – Immortal Jellyfish

February 24th, 2009 Josh No comments

Today, let's take a look at the other side of immortality (the down-side of which was explored here).  In particular, let's look at jellyfish.

That's right, scientists have discovered immortal jellyfish.  (Such an interesting world that we live in.)

What's most interesting about these creatures is how they achieve immortality:

But when starvation, physical damage, or other crises arise, "instead of sure death, [Turritopsis] transforms all of its existing cells into a younger state," said study author Maria Pia Miglietta, a researcher at Pennsylvania State University.

The jellyfish turns itself into a bloblike cyst, which then develops into a polyp colony, essentially the first stage in jellyfish life.

The jellyfish's cells are often completely transformed in the process. Muscle cells can become nerve cells or even sperm or eggs.

In other words, it does a "reset".  This allows it to adjust in the face of environmental changes and rebuild itself in such a way as to maximize success.

How many times have you had your IT people come up to you and say "if only you'd let us re-write/re-build the system, we could make all these problems go away"?  How many times have you sighed, shaken your head and patiently explained to them why such a move didn't make business sense?

Looking at the jellyfish, it might be worth considering.  If things aren't looking too good, maybe it would make sense to take another look at those persistent business problems.  If you can solve even ONE of them, it might allow you to rebuild your company.  After all, it worked for Flickr.


Mythic Monday – The Song of Roland

February 23rd, 2009 Josh No comments

The Song of Roland tells the tale of King Charlemagne and his knight Roland.  The tale is long and complex (and nicely summarized here), but the important thing is near the end.

Roland and his knights are ambushed.  There's little possibility of success, but they keep fighting on.  Roland has but one option remaining, and that is to sound his horn and summon reinforcements.  However, to require help would not be honorable, and Roland would rather die than be dishonored.  Things get so bad that Roland's friend implores him to blow on his horn three times, and Roland, in his pride, chooses not to.

Then, at the end, when all is truly lost, Roland finally sounds his horn and dies with the effort.  The king hears and comes to the battlefield and avenges the dead.

So, what can we learn from this?

I think that the most important lesson is pretty obvious:  blow the horn before everyone dies. Or, in modern vernacular, swallow your pride and ask for help.

It's no news to anyone that a lot of businesses are struggling right now.  The economy is in a state of turmoil, and while a lot of people say that you can make money whether the stock market moves up, down or sideways, the simple fact is that things are hard when the future is even less predictable than usual.  Existing vendors may change your credit terms, clients may demand a higher value from you for what they're paying.  Competitors may choose to compete in ways that may not be ethical or fair.

What can you do about this?  There's one simple option:  ask for help.

There is a lot of talk about business being cut-throat and numerous stories about business partners that took advantage of one another.  However, at least in the small business market, the opposite is also true.  People help each other out.

Sure, there are high-priced consultants who will come in and give you advice.  There are also well-intentioned friends who might help you out for free.  But don't forget about the tons of mid-range business people that are willing to lend a hand for modest fees and/or the trading of services.  Odds are that there is a relatively workable solution to your business problem and a cheaper or more efficient way to do things.  However, if you never ask for help, you may never find them.

There is also no point in waiting until everyone around is dead or dying (or laid off) before you call for help.  If you wait too long, your business just serves as a tale of warning to others (much like The Song of Roland, actually).

Remember, we may be competitors, clients or vendors, but we actually are all in this together.  It does no one any good to stand by and idly watch as small businesses fall like dominoes. We can help each other out... so long as we know who to help.


Categories: Mythology