10 things to learn on March 27th

10 things to learn from the almighty WWW today:

After spending a decade or more as an executive recruiter working on early & growth-stage CEO searches, it seems worthwhile to take a look-back on some of the reasons CEOs seem to fail. In fairness, we’re a boutique firm, so the sample set isn’t hundreds of searches. However, it’s also more than anecdotal, as for every CEO search we’ve done, there was a high probably that there were several CEOs who had already come before our search, and in doing a thorough CEO replacement search, we are students of why predecessors failed in order to ensure we don’t repeat others’ past mistakes. Another macro observation is that these failures don’t seem to be different from practice area to practice area, or geographic region to geographic region.

The following 7 reasons below cover the vast majority of CEO executive failures we’ve seen:

Security policies need simplifying, expert says

Wood urged attendees at SecureWorld Boston Expo, Wednesday, to conduct a thorough review of company security policies, simplifying and focusing them to be more consistent with business needs.

"Policies are supposed to be the glue that holds everything together in a cohesive fashion," Wood said. "Management needs to support it … and psychologically the whole environment needs to be fostered around valuing security."

Companies are increasingly neglecting security policies and failing to enforce them resulting in apathetic employees, Wood said, pointing out a study of 890 IT professionals conducted by the Ponemon Institute in 2007. The study found that 87% of those surveyed used USB sticks to carry company information even though company policy prohibited them from doing so. Another 46% said they routinely share passwords with colleagues, despite two-thirds of them knowing that security policies prohibit password sharing.

Malware then and now a look back on the anniversary of the Melissa Virus

March 26, 1999, and David Perry is on vacation with his family. His phone rings and soon he is off to New York to address the media. There is a new virus online — the name given to it is Melissa.

Melissa was, at that time, the fastest-spreading virus in history; moving so fast because it arrived via e-mail with an attachment. Once the attachment — a DOC file that was supposed to contain porn-related passwords — was opened by the recipient, a Macro would trigger causing the DOC to e-mail itself to 50 more people from the victim's address book. The panic that ensued caused Microsoft Corp. to shut down its e-mail servers in an effort to prevent the virus from spreading.

Day Trading.Edu: 50 Free Open Courseware Classes for Investors and Day Traders

Do you want to learn about economics, finances, investing and day trading? You can learn about all these topics free online. Since open courseware often is associated with colleges and universities, many of the courses below from those sources focus on economics and finances.

However, if you’re interested in day trading and investing, you may need to rely on Web sites, books and lessons provided by experts in the field. You’ll find a mix of these sources in the list of 50 free open courseware classes for investors and day traders.

The list below is categorized and each link in every category is listed alphabetically. This methodology ensures that we do not value one resource over another.

20 Essential Tools for the New Consultant > Launching > Small Business

With companies pushing their employees off the plank into the sea of financial and professional uncertainty, one of the best options to take control of one's career is to start a consulting practice. A consulting practice is a good way to regain your self-esteem and an even better way to generate revenue.

I can speak from experience. A company I had run was bought by another company, and I had no immediate options. I always hated interviewing and preferred to have more control over my life.

Infiltrating a Botnet – Cisco Systems

Many teams at Cisco are dedicated to security research. One team recently investigated botnets with the goal of improving existing detection methods and discovering the techniques botmasters use to compromise machines. The team’s efforts were rewarded through their protection of an important customer’s network. Their discovery efforts also yielded extraordinary insights into the mind and motives of a botmaster. This paper discusses exploit protection and reports on the interviews the team held with the botmaster they encountered.

Typically, administrators patch vulnerable machines or deploy some sort of intrusion prevention system (IPS) to protect against exploits. Both approaches are effective the majority of the time, but neither approach protects systems against the uneducated user. These approaches may not even protect people who take their machines home if the IPS is network-based. The user who will click and run anything is the greatest threat to any network.

DIY Pentesting Lab – Evil Bytes Blog – Dark Reading

When building a lab focused on internal pentesting, there are two necessities: a good representation of your production network and known vulnerable systems to practice exploiting. Pentesting tools are also necessary but quite numerous and beyond the scope of this blog entry.

First, let's start with the vulnerable systems. Before you can become a good pentester, you need to practice enumerating systems and their services, exploiting them, using them for pivot points to gain deeper access into the network, scouring them for useful information and similar activities. Having vulnerable versions of the current operating systems and services in use on your network is best, but you can also use other exploitable resources.

10 Awesome Ways to Integrate Twitter With Your Website – Nettuts+

Web developers with social media savvy are in hot demand. Imagine what it would be like to promise your clients a web presence that is fully integrated with their Twitter strategy and makes it easier for their content to go viral on Twitter. Would be nice, no? Well — why imagine? The tools for web developers to add a touch of Twitter to any site are out there and easy to use. Trust us — your clients will love you for it!

There's no better time to start utilizing Twitter integration tools than right now. Here are 10 of the most useful ways to start turning your site readers (or your client's customer base) into Twitter followers, and vice versa.

50 Awesome Social Networks for Finance Geeks | Earn Accounting Degree.com

Learning about finance is so much easier when you can see first-hand what others are doing to achieve success. That’s the beauty of social networks with a focus on finance. The following social networks offer opportunities for finance geeks to contribute as well as learn from others. Whether you are interested in investing, business, participating in peer-to-peer loans, or personal finance growth, the following social networks are sure to help you make connections with others in the world of finance.

bit-tech.net | Researchers create BIOS malware

Security researchers Alfredo Ortega and Anibal Sacco of Core Security Technologies – as reported over on ZDNet – have successfully demonstrated methods for injecting persistent code into the Basic Input Output System (BIOS) of a computer, with the result that the infection is capable of surviving a complete OS reinstall and even a BIOS flash.

The code has been used successfully on both Windows and OpenBSD platforms, and even on a virtualised system via the VMware Player application. In all cases, the infection would re-initialise each time the computer was rebooted. Even by removing and re-installing the hard drive, the researchers were unable to remove the malware from the system.

Share and Enjoy: