It’s not just social interaction, à la Facebook et al, that has benefited and changed markedly through electronic enablement. So too has entrepreneurship, the raising of capital, and basic investing; and these are about to undergo further transformative change – if the Securities and Exchange Commission (SEC) gets around to ironing out some nuances in the Jumpstart Our Business Startups Act (JOBS Act).
To set the discussion, let’s suppose you have a great business idea, but you can’t interest big capital investors… and you need startup capital – what to do? Conversely, suppose you’re a solid citizen of rather limited means, but still would like to invest; yet, typical investment routes are not open to you by your lack of capital (in terms of qualifying-amount)…
NowStreetJournal hosted a recent New York City symposium, Women Transforming Our Financial Markets, which I was privileged to attend in December. It granted attendees a view to an upcoming evolution in financing, by virtue of a healthy discussion of CrowdFunding.
What’s sparking the evolution, and the whole idea of CrowdFunding? According to CEO and Founder Dara Albright, it is a basic need: The need for innovators, entrepreneurs, and small-to-medium businesses (SMBs), to be able to access the capital required for business start-up, development and growth. But that’s only half the story.
Concurrently, large numbers of small investors (the story’s ‘other half’) are seeking opportunities to invest – even if it means unconventional cutting-edge channels. In fact, smaller individual investors may not have enough capital to qualify for typical investments, but the sheer numbers of these small investors can make a meaningful combined investment in the aggregate; and therefore a contribution to a small business person’s total for necessary capital. Thus, we seek a way to pair investors who may have been screened from participation in earlier days with those seeking capital who otherwise may not have had access to it through routine channels in days past.
Ms. Albright characterizes the current flow of capital as a “Circle of Big.” That is, Big Money that goes ‘round and ‘round between deep-pocket individual investors, such as the Warren Buffetts; large institutions such as Goldman Sachs; and favored entities such as “Government Motors” and other large private companies that are well-established. In the middle of the circle is Big Government, larding out favors, reaping the benefits of taxes, as well as receiving the largess of Big Money in the form of campaign contributions.
In her view, we’ve allowed Wall Street investing to become a game: One involving non-committal “flippers” and a handful of super-sized banking conglomerates, who run amok with our financial markets; all while preventing small investors and startups from ever pairing… and profiting.
Thankfully, modern times are yielding an entirely new view to a much more sensible approach – a “ground up” approach – to the flow of capital. A flow that goes to-and-from the entrepreneur/the innovator/the job creator, and back to the average American investor. And here’s where… wait for it… CrowdFunding comes in: Rather than a capital access-flow from mega-cap stock, mega-cap bank, and mega-institution, CrowdFunding puts the individual and small investor right in the thick of things.
This year, the SEC is working on legislation that will help to define this new environment, thus helping small investors and business innovators alike: Helping investors to invest, and businesses to access capital – for mutual reward.
If the SEC indeed clears the way, each party’s standing vis-à-vis typical banks, public stock exchanges, the Reid Hoffmans or Warren Buffetts, will no longer be inhibiting, or relevant. Stay tuned.
– Increased usage of your CPU: You can monitor CPU usage with any number of tools, many of which ship free with your computer. Search for “Performance Information and Tools” on your system, or simply “CPU” and the like. You can also download freeware, but try to avail yourself of ones that are recommended through forums that you’re comfortable with. Ask friends and colleagues for recommendations. Google “computer forum” for some ideas, but vet these.
– Slow overall speed: If you experience a sudden drop in performance, it’s time for a full-system scan with your preferred anti-virus/internet security program. Remember to lengthen the time until Sleep/Hibernate modes (I keep mine fairly short), as many scans suspend themselves upon entry to these states, and they do not override. Related –
– Slow web browsing, and related poor performance: Watch for unnaturally long times for access to websites, and full resolution of the landing and subsequent pages. One incidence, or one slow site experience, is not cause for alarm – the problem may be with the site itself. Check a couple – if you’re running into problems with every one, check things out.
– Difficulty connecting to networks, or lengthy times: This can be a reason to check out your equipment – but also, it’s possible that the problem may be on the other end – if other users of network resources are experiencing problems, call the system administrator or HelpDesk and give them a heads-up.
– Crashing/Freezing: If you’re crashing frequently, and experiencing “screens of death”, or if your system freezes for lengthy periods of time, with sudden bursts of drive/CPU activity after periods of frozen frustration, check things out.
– Missing files – modified files: Are you missing data? Are you suffering corruption to files? Speaks for itself.
– Appearance of new, unbeckoned, desktop icons and related: If anything shows up without your active solicitation and installation of it, be aware and check it out. Any files and/or programs that show up unbidden too.
– Spontaneous launch of programs, particularly unrecognized ones: Also watch for programs that are a regular part of your routine, and use, suddenly shutting down spontaneously, while in the middle of use. Also, recognize that malware can reconfigure or disable firewall programs, and antivirus software.
– Monitor your e-mail program carefully: Watch for e-mails being sent from your account that are not of your creation. If friends or colleagues report receiving strange e-mails from you, that you did not send, get corrections made quickly.
Any strange computer behavior should be checked immediately – you know your environment and your computing resources’ behaviors. Run anti-virus/malware cleanups on a regularized basis, and upon any strange activity. I never do partial-scans – stick to full-system scans if at all possible.
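The “missing files – modified files” and unbidden-icon checks in the list above can be made repeatable by hashing a folder while the machine is known-good and comparing against that record later. The following Python is an added example, not part of the original post; the function names and the sample files are constructed for illustration.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def snapshot(root):
    """Map each regular file under root (relative path) to its SHA-256 digest."""
    root = Path(root)
    result = {}
    for path in sorted(root.rglob("*")):
        # Skip symlinks and directories: only real file contents are hashed.
        if path.is_symlink() or not path.is_file():
            continue
        name = path.relative_to(root).as_posix()
        digest = hashlib.sha256()
        try:
            with path.open("rb") as handle:
                for chunk in iter(lambda: handle.read(65536), b""):
                    digest.update(chunk)
        except OSError:
            # A file that cannot be read is recorded, not silently dropped.
            result[name] = "unreadable"
            continue
        result[name] = digest.hexdigest()
    return result


def compare(baseline, current):
    """Report files that vanished, changed, or appeared since the baseline."""
    shared = baseline.keys() & current.keys()
    return {
        "missing": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in shared if baseline[p] != current[p]),
        "new": sorted(set(current) - set(baseline)),
    }


def demo():
    """Run the check on a constructed folder with one change of each kind."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "report.txt").write_text("quarterly numbers\n")
        (root / "notes.txt").write_text("meeting notes\n")
        (root / "photos").mkdir()
        (root / "photos" / "a.jpg").write_bytes(b"constructed image bytes")
        baseline = snapshot(root)

        # Constructed changes standing in for the symptoms in the list.
        (root / "notes.txt").unlink()                              # missing
        (root / "report.txt").write_text("quarterly numbers!\n")   # modified
        (root / "FreeToolbar.lnk").write_bytes(b"constructed")     # unbidden
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Keep the saved baseline somewhere other than the machine being checked, since anything that can alter your files can alter a baseline stored beside them.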
This is malware that lies in wait until it can do harm. These are often referred to as Trojans. Oftentimes it is triggered by a date. It can also be triggered by the simple launch of a program, or application – where it is embedded. In this case, from any system’s point of view, a trusted user ends up launching the malware and granting it that user’s standing: That is, a user that has sanction within a system by virtue of login credentials, a corresponding set of system authorities and access, and consequently permission(s) to do various things with that system.
Recognize that that user can do things to the system, with the system, and through that system – thus the malware has the same enablements. The malware can do things to the system: changing it, disabling parts (or all) of it, modifying the system’s payloads and deliveries (stats, reports, etc.), rendering certain users’ or entities’ access useless, and on and on.
The malware can do things with the system: Using resources such as processor power, storage and bandwidth to blast information; ripping off contacts to assemble broadcast lists; and using those lists to further distribute various content, even to further distribute and install malware.
In doing things through a system, malware can hide its true origins, making it appear that it is spawning its nefarious purposes and deliveries from your domain – and actually, it is.
Worse, Remote Access Trojans (RATs) open back doors to your resources, for the purpose of remote control. Now, changes and updates are possible for “best” possible use and abuse of hacked resources.
Tomorrow, we’ll discuss another general area, Destructive Malware, and then we’ll delve into symptoms and a few more specifics.
Not all malware produces instances of horrendous harm. Some of it is simply a nuisance, in delivering unwanted content and add-ons – such as toolbars, or unwanted and even embarrassing content in the “real estate” dedicated to rotating ads on certain sites.
Spyware can rake a system for sensitive information, sending it back to the malware’s originator. This can inhibit system performance, and hence productivity, as the malware overtakes processing power, memory, possibly even storage, and bandwidth in surveying and shoveling information to those seeking it. Recognize too that there is yet peril here for other harm beyond nuisance: Identifying-information makes identity theft a potential, and in the case of organizations, sensitive business info can be ripped off and exploited: Business reputation is not easily recovered in many of these circumstances, and even when it is, it is of course a nuisance in the extreme to make that recovery.
Oftentimes, malware is really nefarious in its nuisance-ness: There is nothing more discomfiting than not knowing exactly what is going on. A business colleague reported that his laptop had suffered an extreme degradation in performance: Looooong boot-up times [his routine became: 1) Start laptop, 2) Make and wait on a pot of coffee]; longer than usual sign-in time; then subsequent drive grinding. Launch of applications took about four times longer than usual, but this subsided after he’d been booted and logged on for 5 minutes or so – then performance was normal. The only other sign that something might be amiss was a pop-up box that appeared for less than half a second – its appearance was so quick, in the center of the desktop, that you couldn’t read the title bar, but were able to see, or sense, an “OK” and a “Cancel” button – it disappeared too quickly to act on it.
He ran several utilities, but nothing seemed to help. Until: An update to his Norton utilities and a full-system sweep removed whatever it was – fortunately, after a few weeks’ hassle, he didn’t notice any ID theft or collateral systems’ breaches, such as the draining of bank accounts, PayPal, etc.
Keep all of your protections up-to-date. It bears repeating: An ounce of prevention is worth a pound of cure.
Next up: Controlling-malware
In continuing our awareness for cyber-crime, recognize that after an entity penetrates a network for access, far more than an episodic outcome can occur (such as a one-time theft of data or money, for example).
Beyond the sole-harming event type of experience, the insertion and ongoing residency of malware has to be considered. This represents a particularly gnarly problem, because ongoing control regarding systems can be manifested – and it may continue in the absence of an organization’s knowledge for quite some time – until various harming incidents stack up, or an accrual of thefts occurs, until they gain a profile that bites hard enough to be noticed.
Resident malware can execute its code for particular outcomes, and recognition of these helps to monitor for them. In the next days, we’ll take a look at three basic types of malware:
– Nuisance (perhaps delivering marketing-oriented spam, or providing for spying, etc.)
– Controlling (to provide “back door” access, or takeover of systems by remote control)
– Destructive (perhaps to destroy data, or plant false content, to harm reputation of the host. Destruction can also be used to remove evidence of intrusion).
NP: Joshua Redman; Freedom in the Groove
No matter the nefarious goal of attack, subsequent entry, and exploitation, (such as those mentioned in articles below), there are basic steps for breaking your defenses, and taking advantage of the breach, that are common to all attacks.
– Exploration, or scouting, for potential targets: Breaching entities here are searching for networks and systems that have vulnerabilities. These vulnerabilities can include easily breached or guessed authenticating credentials, outdated and susceptible software, and missing or misconfigured settings for both software and hardware. Recognize that in addition to hard, empirical, soft spots – such as easily hacked firewalls or default/too-simple login credentials – there is the liability of simple human failing. This is going to include an exploration for naiveté regarding phishing; that is, fraudulent e-mails that solicit sensitive data by posing as legitimate enterprise e-mail/authority. Also pharming, whereby fraudulent websites that pose as legitimate partnering/enhancing entities can glean registration, and thus make solicitation of sensitive data. Be aware too that once an outside entity establishes a relationship, any manner of “legitimate” download can be recommended and thus penetration made.
– Taking stock goes hand-in-hand with exploration, in expanding the knowledge gained regarding vulnerabilities. Correlation of known bugs regarding the software surveyed during exploration happens. Human error can be paired with what that person has access to, and breaching entities can then reference other people and specific knowledge in looking legitimate to others… climbing a ladder of access, into ever more rarified and sensitive circles…
– Penetration can be for any of the purposes mentioned in the day’s prior article, but also it can be to perpetrate simple Denial-of-Service (DoS) attacks, which will not only render networks and sites inoperable, but can also crash business reputation.
Next: The introduction of malware to the environment…
In continuing from yesterday, let’s examine cyber-crime in a bit more detail. Before we get into the actual mechanics of intrusions and rip-offs, let’s fully understand the true perils inherent in 2013’s modern environment – some important cyber awareness.
Most people think of cyber crime as identity theft, for purpose of stealing money from online accounts, or perhaps in order to pose as someone else online for whatever reason. Cyber bullying comes to many people’s minds. That, and outright “hacks” into systems by breaching electronic perimeter defenses, and then exploiting whatever resources are within for the taking.
But there are a number of other nuances. Routine “spam” is bothersome, but spam also incentivizes other cyber-crime. Disseminators of spam aren’t particularly interested in paying for their own processing, broadband, and propagation means and infrastructures – and that’s where you (the individual or organization) come in. If you’re insecure enough (from a systems and security perspective) to host, automate, and blast spam, then there are plenty of entities out there surveying for you and your associated vulnerabilities.
Credit fraud is big. A simple keystroke monitor can glean your, or an organization’s, credit card number and authenticating credentials – and away they go. Recognize that your SSN, address, bank account numbers, and all manner of other info and online accounts can be breached. Ouch.
There’s also the use of networks and resources for piracy, and the illegal transfer of data and information. You don’t want your company’s resources used for illegally passing music transfers, or other copyrighted material, for example. Nor do you or your organization want to be in the middle of electronic money laundering operations or tax evasion schemes.
Certainly government agencies are aware of cyber-terrorism, which can involve access for theft of secrets, flooding and disabling of critical systems, and breakage of systems through intrusion of malware. Too, false-information can replace legitimate content, confusing those people who rely on these sites for best information, best practices, and thus there is the subsequent hindering of allied cooperation between supporting/reinforcing agencies.
In 2013 and beyond, the stakes are too high to ignore the first step toward best-security postures: Modern Awareness.
For our first take-away in this series, recognize that Everyone with online presence should be a Security Officer of sorts. So, next, we’ll get to an awareness for both individuals and orgs.
As we enter 2013, many of us are excited by new projects, new enablements, and an expansion of systems and related capabilities. I always feel a sunny optimism when embarking on projects, and I anticipate the deliveries and related empowerments.
But there’s a corresponding dark side for every positive pursuit, and the tech realm is not sheltered from nefarious activities: The number of cyber-crimes grows with each passing month – we don’t have to wait for the turn of a year – and the result of bad outcomes is ever-more severe.
The beginning of the year is a nice time to focus and position ourselves in understanding some important things, so as to take effective action: The steps that cyber-criminals use to attack networks; basic types of malware utilized; and the things you need to use and do in order to stop attacks from being successful.
As we’ll see, we have to guard against reconnaissance (nefarious entities cruising around looking for vulnerabilities and easy marks to exploit), penetration (intrusion into the network/assets), insertion of malware (with resultant theft, corruption, exploitation, etc.), and in most instances, a protection of bad-activity by hiding the exploitation as it is going on, and covering tracks once done.
Here at the end of the year, how about a bit of frivolity? After all, throughout the bulk of the year, we’re quite serious about the technology we procure, use, progress – and on occasion replace. It takes quite a bit of effort staying informed, trained, and either performing the work ourselves or directing various staff and teams in doing it…
But what of Ms. Emma Orbach? She’s an Oxford grad who has pitched it all, essentially… having moved “off the grid” and into a mud house of her own design and effort. Ms. Orbach made the transition 13 years ago, moving into the Welsh mountains, where she grows her own food and fetches the water she needs from a nearby stream.
She has named her home “Tir Ysbrydol,” which is Welsh for “spirit land.” Ms. Orbach’s children do visit from time-to-time; they are in their 20s and 30s. However, being that the kids have not eschewed tech, even portable technology is barred from the home, and mobile phones, laptops, iPads, and any other devices are strictly verboten.
She’s not completely divorced from “the outside,” however. There is a commune not far away where she and a former husband had ties. Also, there are some nearby abodes in which she runs a “healing and retreat center” – there’s usually around half-a-dozen people staying there, presumably healing and retreating from… people like us and lives like ours?… (hey! I like my life! – lol), and these folks pay a “donation” – from which she is able to pay taxes, maintain the property, and purchase necessary grain.
Ms. Orbach doesn’t miss, in her words, “what is normally called reality.” She believes the quality of life in general is decreasing, even while the pace of modern life, and stress, is increasing.
Well… that may be. But ya know what? I was listening to some early Blues last evening, and I needed electricity. This is one of the best compilations, as a nice entry to Blues, that I’ve heard: Bessie Smith, Blind Lemon Jefferson, Mississippi John Hurt, Blind Willie Johnson, Bo Carter, Blind Willie McTell, Lonnie Johnson, Charley Patton, Leroy Carr, Josh White, Leadbelly, Peetie Wheatstraw, Robert Johnson, Blind Boy Fuller, Big Bill Broonzy, Memphis Minnie, Bukka White, Muddy Waters, Big Joe Williams, Son House, Washboard Sam and Sonny Boy Williamson.
I’m not moving into a mud hut any time soon. :^ ) But I admire this woman’s strength and conviction – it would be fun to talk to her.
Next up: I think I’ll spin the first Stones album.
Frankly: Why is this not 100%?
Almost every profession and discipline has been through, and continues to go through, embarrassing episodes due to “inside” personnel making exposures of information to the public, all-too-frequently through social media. A great example, local to me, is a large healthcare complex in town: Caregivers were discussing patients in a very critical manner on social media, and referring to them by name and room number. If professional people with special training, clearances, and access are falling prey to the temptation to gossip online, then imagine what juries are tempted to do, particularly absent firm direction and guidance regarding social media.
Note: This is not to say, or imply, that juries can’t be comprised of professional people. Nor is it to impugn very intelligent and savvy tradespeople, or intelligent, informed, homemakers and so forth; however, I don’t care how educated, trained, or experienced a potential jury member is in their area of occupation – absent appropriate care, concern, and caution regarding the discussion of cases on social media, that jury member is defective.
Many State Bar Associations and allied jury instruction committees have been releasing jury instructions for some time, in order to educate and remind members that discussing the case outside of court and outside of sanctioned jury deliberations is strictly verboten – and of course this includes social media, e-mail, the internet, and anything else related, such as comment fields in news stories, live chats, and indeed “on the internet or on any electronic device including cell phones.” Hmmm… they might want to update that last with “mobile device.”
Judges are also well-advised to remind jurors of consequences such as mistrials and wasted time. Presently, abuse of social media will result in dismissal from the trial, but watch for that to change: Soon, I believe it is likely that discussion and divulgence of trial information to social and allied media by a juror will result in prosecution and punishment.