The Information Technology (IT) Vocabulary Builder series aims to deliver a very concise summary of a currently relevant topic to Information Professionals.  It is done mostly by collecting a small number of highly relevant web links to save you the time of combing through search results yourself. 

The place where I saw the reference is here:

The UK Register – 3 men charged in $100m scareware scam:

“Federal prosecutors have accused three men of running an operation that used fraudulent ads to dupe internet users around the world into buying more than $100m worth of bogus anti-virus software…

The scheme often tricked users into purchasing multiple sham products, which were sold under names including Malware Alarm, Antivirus 2008 and VirusRemover 2008.”

You can learn more about our new term at Wikipedia. Here is how they define it:

Scareware comprises several classes of scam software with malicious payloads, or of limited or no benefit, that are sold to consumers via certain unethical marketing practices. The selling approach uses social engineering to cause shock, anxiety, or the perception of a threat, generally directed at an unsuspecting user. Some forms of spyware and adware also use scareware tactics.

A tactic frequently used by criminals involves convincing users that a virus has infected their computer, then suggesting that they download (and pay for) fake antivirus software to remove it.

A couple of other web resources are available:

• The ultimate guide to scareware protection | ZDNet
• Security Fix – What To Do When Scareware Strikes

I guess IT Professionals can learn something new every day!

So how do you think that this relates to Information Technology?  How do you think that it could be important to Information Technology Professionals?

Do you know of any other new IT terms that should be discussed?

That is my Information Technology Thought of the Day (ITTOD) for May 28, 2010  by Scott Coughlin.

Image credit: DHS

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

The Information Technology (IT) Vocabulary Builder series aims to deliver a very concise summary of a currently relevant topic to Information Professionals.  It is done mostly by collecting a small number of highly relevant web links to save you the time of combing through search results yourself.  

So, what exactly does hyperlocal mean?

This is how Wikipedia defines it:

“The term hyperlocal can be used as a noun in isolation or as a modifier of some other term (e.g. news). When used in isolation it refers to the emergent ecology of data (including textual content), aggregators, publication mechanism and user interactions and behaviors which centre on a resident of a location and the business of being a resident.

A new term used to refer to someone or something that is the best at connecting people, locally.”

Basically, it is the concept of focusing on the world within the span of your personal space.  Targeting marketing to a single person, for example.  Or you searching and caring about only things that impact of influence just you.  If local interests are a subset of regional ones, then hyperlocal interests are a further subdivision.  Negatively, it is the concentration of your concern to just you with little regard for the space outside your arm swing.

So what is the connection to the Information Age and Information Technology?  Before our current tech age, focusing on a personal space this small was impossible.  It is only through the massive data sets that are freely available on the web combined with the processing power locally and that is mobile that one can even consider this sort of laser focus.  You can’t get hyperlocal news from a newspaper, it has to appeal to too many readers over too large an area.  You can’t get it from TV that has an even larger span with even less ability to target an ad campaign.  No, you can only get this from one person, access to the Internet, and the ability to search and cull. 

The implications to society, individuals, marketing, news delivery, and content generation are huge.  IT Professionals need to understand, employ, and relate to this paradigm change in information processing.

Here are some other great sites that discuss this issue:

• New York Times – ‘Hyperlocal’ Web Sites Deliver News Without Newspapers

• hyperlocal 101

• hyperlocal.org

I hope that helps you.  Enjoy the new word!

That is my Information Technology Thought of the Day (ITTOD) for April 21, 2010 ©Scott Coughlin.

Image Credit: The Florida Project Learning Tree

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

The Information Technology (IT) Vocabulary Builder series aims to deliver a very concise summary of a currently relevant topic to Information Professionals.  It is done mostly by collecting a small number of highly relevant web links to save you the time of combing through search results yourself.  

So, what exactly is a “Zero Day Attack”?

This is how Wikipedia defines it:

“A zero-day (or zero-hour or day zero) attack or threat is a computer threat that tries to exploit computer application vulnerabilities that are unknown to others, undisclosed to the software developer, or for which no security fix is available. Zero-day exploits (actual code that can use a security hole to carry out an attack) are used or shared by attackers before the software developer knows about the vulnerability.

The term derives from the age of the exploit. When a developer becomes aware of a security hole, there is a race to close it before attackers discover it or the vulnerability becomes public. A "zero day" attack occurs on or before the first or "zeroth" day of developer awareness, meaning the developer has not had any opportunity to distribute a security fix to users of the software.”

Please understand that I am not condoning, approving, or commenting on the morality of this issue, just pointing out a popular word that should be understood by all Information Technology Professionals.

Here are some other great sites that discuss this issue:

• WiseGeek.com – What is a Zero Day Attack?

• WatchGuard.com – Zero Day Protection

• FoxNews – PowerPoint Zero-Day Attack May Be Case of Corporate Espionage

I hope that helps you.  Enjoy the new word!

That is my Information Technology Thought of the Day (ITTOD) for March 16, 2010 ©Scott Coughlin.

Image Credit: The Toilette Paper Entrepreneur

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

I came upon the word, Hacktivism, today, and I honestly had never heard it used before outside of the news.  I surmised that it must be starting to be mainstreamed. 

This is how Wikipedia defines it:

“Hacktivism (a portmanteau of hack and activism) is "the nonviolent use of illegal or legally ambiguous digital tools in pursuit of political ends. These tools include web site defacements, redirects, denial-of-service attacks, information theft, web site parodies, virtual sit-ins, virtual sabotage, and software development."^[1] It is often understood as the writing of code to promote political ideology – promoting expressive politics, free speech, human rights, or information ethics. Acts of hacktivism are carried out in the belief that proper use of code will be able to produce similar results to those produced by regular activism or civil disobedience.”

Please understand that I am not condoning, approving, or commenting on the morality of this issue, just pointing out a new word that should be understood by all Information Technology Professionals.

Here are some other great sites that discuss this issue:

• The Hacktivist

• Wired – Hacktivism and How It Got Here

• Info War – Activism, Hacktivism, and Cyberterrorism

I hope that helps you.  Enjoy the new word!

That is my Information Technology Thought of the Day (ITTOD) for March 12, 2010 ©Scott Coughlin.

Image Credit: Cafe Press

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

Today’s term is Single Sign-On.  This is how Wikipedia defines the it:

“Single sign-on (SSO) is a property of access control of multiple, related, but independent software systems. With this property a user logs in once and gains access to all systems without being prompted to log in again at each of them. Single sign-off is the reverse property whereby a single action of signing out terminates access to multiple software systems.

As different applications and resources support different authentication mechanisms, single sign-on has to internally translate to and store different credentials compared to what is used for initial authentication.”

Essentially, it is the practice of setting up one, very-high security fence for your users to cross.   Once they pass this tough security check-point, then they have ability to use all of the system resources without having to deal with another user-intrusive validation procedure.  If your information system is a castle, then the single sign-on is the main gate and the computing resources are all of the shops in the castle market that is inside the walls and moat.  The opposing model is one, very similar to the Internet, where users get asked for differing usernames, passwords, and security tokens before they get access to individual pages, databases, and programs.

Single Sign-On protocols usually invoke very hard security requirements to make sure that users are authenticated, validated, and properly approved for access at that once check.  Solutions usually involve some or all of the following:

• Usernames
• Strong passwords or Personal Identification Numbers (PINs)
• Hardware Tokens
• Random number generators
• Digital certificates
• Access Control Lists
• Smart cards

Here are some of the reasons why one might be interested in instituting a single sign-on solution:

• Users are more willing to be inconvenienced with complicated security protocols once and actually follow them.  This means that you can really come up with a high-powered “lock” and they will be willing to use it.  This prevents the “writing the password on a sticky” problem as well as the one password for many places challenge.
• Having a single repository protocol for security services permits less vulnerabilities due to software or hardware faults.
• Troubleshooting of security processes is significantly simplified when only one system is in use.
• Vendors can develop products for your system and evoke security as a service.
• Disavowing a user is simplified for human resources because they only have to expunge them from one service vice many.
• You can use completely open source services to maximize forward looking compatibility.
• Alternatively, you can use completely proprietary systems to employ “security through obscurity” concepts and be comfortable that you can replace the entire single-sign on component at a future date if desired or required.

As you can see there are potentially many reasons to consider a cross grade.

What are some of the disadvantages?

• Complexity.  These solutions are rarely easy, simple, or straight forward.
• Installation Expense.  Good solutions require investments in people, products, and training.  This is not the place to short change.
• Recurring Expense.  If you choose solutions that require hardware tokens or third-party certificates, then you will be stuck purchasing them forever.
• People.  If you only have one gate, then you had better make sure that your gate guards know what they are doing and how it works.  If you choose an obscure or complicated system then you need to be ready to pay for the right people here.
• Fault Tolerance.  If you have one gate and it gets stuck up then you entire system is out of commission.  You need to have back-up plans that don’t remove all of the security advantages of the Single Sign-On system by creating back doors.

Here are some of the best links on the subject that I found in my search of the web:

• Wikipedia – Single Sign-On.  Contains a great pros and cons as well as resources section.
• The Open Group – Single Sign-On.  Contains open source specifications, solutions, and white papers.
• IBM – Build and implement a single sign-on solution. Industry best practices, Java implementation guide, and commercial products to achieve goals.
• Novell – Secure Login Solutions.  Includes ROI calculators, product comparisons, implementation guides, and white papers.

I have used many Single Sign-On solutions.  Overall, I think that if you properly procure the solution after a formal process of defining your requirements, manning for success, and training your people the benefits of these solutions far outweigh their costs.  I am a big proponent of their employment.

Hopefully, this introduction to the vocabulary word was valuable for you.  Considering all the options for optimizing knowledge management is a core competency of all Information Technology Professionals.

That is my Information Technology Thought of the Day (ITTOD) for February 11, 2010 by Scott Coughlin.

Image Credit: Positiv-it

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.