Data Mining Anonymous Data

February 12, 2008 /ip

Chapter 5 of Management Information Systems, Eighth Edition discusses data mining: the analysis of data to discover patterns that help companies gain a competitive advantage through the decision-making process. This made me think of an article that Bruce Schneier wrote for Wired titled “Why ‘Anonymous’ Data Sometimes Isn’t”. In this article Bruce discusses Netflix’s decision to publish 10 million anonymous movie rankings “as part of a challenge for people to come up with better recommendation systems”. Researchers, not looking to create a better system, were able to compare this data with reviews at IMDb to de-anonymize the rankings. Bruce tells us that the algorithm used to mine these two data sets is very efficient. It can overcome obstacles like randomization, changing timestamps, and the addition of deliberate errors. Even though the threat of knowing how a person ranks movies is marginal, the article goes on to discuss mining for people’s identities in other anonymous data warehouses. Overall this article was very good and left me with a lot to think about.
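A release-side check for the re-identification risk described above, as an added example (not code from Schneier's article or from the researchers): it measures how many records in a constructed ratings release are narrowed to a single pseudonym by k approximately known ratings, even when stars and dates are allowed to be off. The record layout, tolerances and function names are assumptions, and the matching rule is a simplified stand-in, not the researchers' algorithm.

```python
from datetime import date

# Constructed sample of a release: pseudonym -> {movie: (stars, rating date)}.
RELEASE = {
    "u1": {"M1": (5, date(2005, 1, 3)), "M2": (2, date(2005, 1, 10)), "M3": (4, date(2005, 2, 1))},
    "u2": {"M1": (5, date(2005, 1, 5)), "M2": (4, date(2005, 1, 12)), "M4": (3, date(2005, 2, 2))},
    "u3": {"M1": (4, date(2005, 1, 12)), "M3": (4, date(2005, 2, 3)), "M4": (1, date(2005, 3, 1))},
    "u4": {"M2": (2, date(2005, 1, 9)), "M3": (1, date(2005, 2, 20)), "M4": (3, date(2005, 2, 4))},
}

def consistent(known, record, star_tol=1, day_tol=14):
    """True if every externally known rating fits the record within tolerance."""
    for movie, (stars, when) in known.items():
        if movie not in record:
            return False
        rec_stars, rec_when = record[movie]
        if abs(rec_stars - stars) > star_tol or abs((rec_when - when).days) > day_tol:
            return False
    return True

def candidates(known, release, **tol):
    """Pseudonyms whose records are consistent with the known ratings."""
    return sorted(uid for uid, rec in release.items() if consistent(known, rec, **tol))

def singled_out_fraction(release, k, **tol):
    """Share of records that k of their own ratings narrow down to one pseudonym."""
    unique = 0
    for uid, rec in release.items():
        known = dict(sorted(rec.items())[:k])  # first k movies by title
        if candidates(known, release, **tol) == [uid]:
            unique += 1
    return unique / len(release)

if __name__ == "__main__":
    # Risk grows quickly with k even though matching is deliberately loose.
    for k in (1, 2, 3):
        print(k, singled_out_fraction(RELEASE, k))
```

A data owner would run the same measurement on the real release before publishing and treat a high fraction at small k as a sign that removing names has not made the data anonymous.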

Categories: Miscellaneous

Bruce Schneier on Security vs. Privacy

January 29, 2008 /ip

This article does a great job explaining the trade-off we are making, but don’t have to.

Security and privacy are not opposite ends of a seesaw; you don’t have to accept less of one to get more of the other. Think of a door lock, a burglar alarm and a tall fence. Think of guns, anti-counterfeiting measures on currency and that dumb liquid ban at airports. Security affects privacy only when it’s based on identity, and there are limitations to that sort of approach.



CISSP and Six Sigma Relationship

January 24, 2008 /ip

Today, messing around at TouchGraph, I tried CISSP in the Google graph app and came across an interesting relationship. See attached PDF.

TouchGraph, per their site, makes “…rapid use of your information by navigating it visually, discovering patterns, and quantitatively analyzing what you observe.” I would think it’s a qualitative analysis, but that’s beside the point…


LinkedIn, is it a blessing or curse?

January 23, 2008 /ip

Networking, or creating new relationships that are mutually advantageous, is not a new concept [1]. This has been touted as a path to success since, well, forever. Organizations have been created, events held, and small groups populated with people with this purpose in mind. With that said, it is only natural for this medium to progress to the internet [2]. As with every new and existing technology, this presents a new set of threats to all parties involved.

While most people are focusing on the positive traits this service provides, Information Security Professionals are, or should be, focusing on the threats associated with LinkedIn. LinkedIn is a popular social networking site that focuses on professionals and establishing new relationships. Users of LinkedIn are encouraged to post their past and present employers and the experience they’ve gained. It’s a great service to connect with past colleagues and future employers. As LinkedIn puts it:

LinkedIn is an online network of more than 17 million experienced professionals from around the world, representing 150 industries.

Through your network you can:

  • Find potential clients, service providers, subject experts, and partners who come recommended
  • Be found for business opportunities
  • Search for great jobs
  • Discover inside connections that can help you land jobs and close deals
  • Post and distribute job listings
  • Find high-quality passive candidates
  • Get introduced to other professionals through the people you know

http://www.linkedin.com/static?key=company_info&trk=ftr_abt

For the working stiff these things can be great avenues for rewarding relationships or employment. With all this appeal and ease of use, it’s understandable why LinkedIn is growing very rapidly. But the same features that make it so great are also its greatest threats. LinkedIn can be the cause of data leakage used for stealing client lists, competitive intelligence gathering or social engineering attacks.

Recently we’ve noticed a growing trend on LinkedIn. Many people are not only adding the people they currently work with or have worked with in the past, but also adding client or customer contacts. This presents the opportunity for an employee, disgruntled or not, to take one of your company’s most valued assets, the “client list”. To add ease of use to the equation, LinkedIn offers many application integration options including Microsoft Outlook; the same Microsoft Outlook that also syncs with SalesForce.com, Microsoft Business Contact Manager, or any number of other CRM packages.

Your competitors may also find this a gold mine of information. Not only are they able to view your clients, but they can also view any current or completed projects your employees list as experience. This may give them insight into future offerings or internal processes that you value as trade secrets. By posting this information, your employees have given your competitors what they need to devise strategies that may help them win a competitive bid or capture a market.

As if this weren’t enough to worry about, it’s also a treasure trove of information to any hacker worth their salt. Much of the information on LinkedIn is presented to show a person’s competencies. For instance, an employee may provide a list of technologies used. This should give potential employers information about that person’s skill set. It also provides an excellent source for hackers to gather information for potential exploits needed to gain access to the information you so closely guard.

Curious about how much information is out there about your company? Register at LinkedIn and search your company’s name. Pick someone from the list, review their profile and look through the connections they’ve made. Do you see clients? Do you see technologies used inside your company? What you do with the information you find there is between you and your acceptable use policy. I’d urge you to review and update it to reflect these threats and others associated with social networks in general.

Resources

  1. http://www.google.com/search?q=define%3Anetworking&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a
  2. http://www.m-w.com/dictionary/networking
  3. http://www.cirt.dk/tools/paper/LinkedIn.pdf

More Pix – Easter

April 10, 2007 /ip

Wow…
Bree Easter 07 - 1


Bree!

March 12, 2007 /ip

Isn’t she just the cutest!
Bree


Pearl of Wisdom

February 28, 2007 /ip

Never be afraid to try something new. Remember that a lone amateur built the Ark. A large group of professionals built the Titanic.


Calculating your Target Heart Rate

January 30, 2007 /ip

I was an avid runner and plan to start again. With that in mind, a little info for the masses (Download the .doc):

Topic: Demonstrate how to calculate target heart rate range using the Karvonen Formula.

Terms

Karvonen Equation: Used to determine target heart rate.

Target Heart Rate (THR): Range for cardiorespiratory exercise.

Resting Heart Rate (RHR): Normal heart rate.

Maximal Heart Rate (HRmax): Highest possible heart rate.

Heart Rate Reserve (HRR): Difference between RHR and HRmax.

Intensity: range of 60% to 80%

Karvonen discovered that your heart rate must be raised by at least 60% of the difference between RHR and HRmax. An adequate upper intensity is 80% of HRR.

Determine HRmax

Range is 180-200 bpm in young people and decreases with age.

HRmax = 220 – age

Determine RHR

Best time to check is in the morning before you get out of bed, or after sitting quietly for 20 minutes. Best to check a few times a day over a few days and find the average. Using fingertips at the carotid artery (neck or wrist), count the beats for 30 seconds. Multiply by two to get your one-minute pulse.

The Karvonen Equation

THR = (HRmax – RHR) x intensity + RHR

My THR:

  HRmax                        195 bpm
  Minus RHR                     68 bpm
  Equals HRR                   127 bpm

  HRR                          127 bpm
  x 80%                        x .80
  Equals                       102 bpm
  Plus RHR                    + 68 bpm
  Equals upper intensity THR   170 bpm

  HRR                          127 bpm
  x 60%                        x .60
  Equals                        77 bpm
  Plus RHR                    + 68 bpm
  Equals lower intensity THR   145 bpm

My THR is 145 bpm to 170 bpm


Add printers with no user interaction

January 30, 2007 /ip

So maybe I need to get with the program, but I love batch files. I found a real gem running around the net today…

Article ID: 189105 & Command line printer control


Stupid problem?

January 29, 2007 /ip

Some Mexican drug task forces have been reassigned to stop corn “hoarding”! Umm…right.

In just a few weeks tortillas have become the issue for the new government, which boasts a free-market agenda. The little golden disks made from corn flour are practically a symbol of national identity in Mexico. As prices have surged — by at least 30% in most parts of the country — Mr. Calderón’s political opponents are pushing their view that economic liberty is behind this assault on Mexican culture.  -WSJ (payment required)
