Spy Bugs May Be Tracking Your Every Move


Attendees at a recent education conference were handed “smart badges” for the “ultimate learning experience”. The smart badge tracked their every move as they walked about the conference and exhibition hall. But little did they know that someone with bad intentions could also track them as if some spy had just planted a tracking device on their person.

Thanks to Doug Levin, a cyber security expert, we know that a free smart phone app can be downloaded and used to track each one of the little bugs handed out to conference attendees, just like James Bond. As he stood on a train platform bound for the conference he was able to identify over a dozen conference attendees.  During his train ride he could identify attendees as they got on the train. When he caught his flight back to DC, he was able to identify two bags containing the smart badges packed by attendees. Are you squirming in your seat yet?

The smart badge could be the “ultimate stalking experience”. Imagine attendees of an NRA, DNC or GOP conference who are being targeted by less than mentally stable human beings. There’s plenty of that kind of hate going on in the world today. All it would take is to download the free app and the motivated attacker now has a weapon in their arsenal that previously didn’t exist. Or imagine someone trolling hotel rooms looking for attendees. Not a good scenario.

The idea of not having to pull out an ID badge may be cool, but the risks have to be clearly identified and controlled. Active devices like RFID chips and the “smart badge”, which works using Bluetooth, have some inherent security issues. They are easy to read and hack. Passive IDs like driver’s licenses, barcode badges and UPC codes can’t be hacked. The user has to actively submit the ID to be read, giving it a fairly high level of security.

The moral of the story is, be careful about jumping on the high-tech bandwagon, especially when it comes to your own safety.

A New Framework for Business Applications

When a user logs into a business application, they rarely think about what went into the design, or how it works.  They are only interested that it allows them to do their job, simply, efficiently and trouble free.

The business application designer, on the other hand, is very concerned about how it works. Is it secure? Is it scalable? Does it have good performance? And many other questions, the most important of which is, does it meet the needs of the user?

Web based business applications in the past weren’t always very secure, and changes and implementation were often difficult. And the ability to run on different devices was almost impossible, often resulting in one site being designed for tablets and smart phones, while another was designed for desktop users. It was frustrating.

Today we have the introduction of different frameworks that solve many of the problems of the past.  The Bootstrap framework gives a designer the ability to design an application that will conform to any device, without having to design one application for a smartphone and another for the desktop.  It goes further. It provides a standard, giving the site a specific look and feel to the user, and is completely customizable.  This has been a great step forward in delivering an elegant looking, full featured site to the user.

The MVC framework, which stands for Model, View and Controller, divides a business application into three separate parts. Each part is responsible for a different function of the application. The Model is responsible for defining and interacting with the database, making sure that information coming in from a user conforms to specific standards.  It reduces the impact of the garbage-in, garbage-out problem because it can be highly structured independent of programs that utilize the data. In other words, it is a bulwark against “bad data” if properly designed.

The View is responsible for delivering a web application page to the user. Its focus is providing the user with the look and feel, as well as the ability to navigate through the site. Since it is decoupled from the Model and Controller, the experienced designer can make full use of breaking the View down into reusable components that can be linked together dynamically when a user requests a specific page. By that, I mean that the navigation can be a separate piece that is used by numerous pages, the footer can be another, and on and on. Forms and tables can be given intelligence, the ability to communicate with the server. You’ve seen this many times. When you begin typing a Google search, a list of possible search queries is presented with each keystroke. That is because the View is communicating with the server to provide this information in real time – the View can be interactive and intelligent.

The Controller is responsible for directing traffic and delivering the right information. You, as a user, enter a URL in the browser of your computer or smartphone. That URL is sent over the Internet and finds its way to the Controller, which examines your “request” and determines what data is required via the Model and then sends that data to the View, which in turn sends a “response” out over the Internet and back to your computer. All of this is done in the blink of an eye.  The Controller is the first line of defense for security and since it has great responsibility, processing requests and delivering responses to you, the user, it must be designed to be very efficient, reliable – and secure.

The Microsoft ASP.NET MVC framework was conceived in December of 2007.  It wasn’t mature until version 5.0, which was June of 2013.  Just last year, 2016, MVC Core was introduced that allows a web application to be compiled for various operating systems, Linux, iOS, Android, and of course Windows.

However, these things are not the “new framework” that I thought about when I began writing this article. They are recent and fairly new.  They are something you need to understand since they serve as a foundation for the “new” framework that I am going to discuss.

The new framework has to do with the way in which the Controller is designed. The Microsoft MVC business application is written in the C# programming language. Unlike PHP, it is compiled, translated into machine code, which can be much faster and more secure than a scripted application. If a hacker (or disgruntled employee) gains access to your server and steals your old uncompiled application, they know exactly how your business works and where it is vulnerable. They cannot do that with a compiled application because all they will get is an executable and won’t have access to your business processes. And if the system is designed right, they won’t even be able to access your data. That’s a pretty important difference, don’t you think?

The real power of the new framework and C# programming language is that you can build something called a “class”.  A class is an object that you can create to perform a certain task. For example if I create a class called GetContactInfo(contactID), all I have to do is make a request to that class by supplying an ID and it returns all of the information I need for a contact. Now, if a request of this nature is needed in a dozen different places by the business application, the class doesn’t have to be created by the programmer each and every time.  It is created once and used many times.

What has this got to do with the Controller? It allows the system designer to build a Controller that has very few lines of code because it is retrieving what it needs from these class objects that are talking to the Model and doing all of the processing. It makes debugging easier because a problem can be isolated, and when it is fixed in one place it is fixed everywhere that class object is called. The result is easier to maintain and more bulletproof. It also means greater productivity, less cost and quicker turnaround times.
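The division of labour described above, as an added example that is not the author's code: a Model that rejects bad data, a reusable class written once, and a Controller that only parses the untrusted request value and delegates. It is a plain C# console program rather than a real ASP.NET MVC project so it runs on its own; `Contact`, `ContactService`, `ContactController` and the in-memory store are hypothetical names chosen for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.ComponentModel.DataAnnotations;

// Model: declares what valid contact data looks like (illustrative fields).
public class Contact
{
    [Range(1, int.MaxValue)]
    public int ContactId { get; set; }

    [Required, StringLength(100)]
    public string Name { get; set; }

    [Required, EmailAddress]
    public string Email { get; set; }
}

// Reusable class: written once, called from every place that needs a contact.
public class ContactService
{
    // Constructed in-memory store standing in for the database.
    private readonly Dictionary<int, Contact> _store = new Dictionary<int, Contact>();

    // Stores the record only if it satisfies the Model's rules; returns the errors found.
    public IList<ValidationResult> Save(Contact contact)
    {
        var errors = new List<ValidationResult>();
        var context = new ValidationContext(contact);
        if (Validator.TryValidateObject(contact, context, errors, validateAllProperties: true))
            _store[contact.ContactId] = contact;
        return errors;
    }

    // Returns null for ids that are out of range or not stored.
    public Contact GetContactInfo(int contactId)
    {
        if (contactId <= 0) return null;
        Contact found;
        return _store.TryGetValue(contactId, out found) ? found : null;
    }
}

// Controller: a few lines that check the request and delegate to the class above.
public class ContactController
{
    private readonly ContactService _contacts;
    public ContactController(ContactService contacts) { _contacts = contacts; }

    // rawId is the untrusted value taken from the request URL.
    public string Details(string rawId)
    {
        int id;
        if (!int.TryParse(rawId, out id)) return "400 Bad Request";
        var contact = _contacts.GetContactInfo(id);
        if (contact == null) return "404 Not Found";
        return "200 OK: " + contact.Name + " <" + contact.Email + ">";
    }
}

public static class Program
{
    public static void Main()
    {
        var service = new ContactService();
        var controller = new ContactController(service);

        // Constructed sample records: one valid, one that breaks two Model rules.
        var ok = service.Save(new Contact { ContactId = 1, Name = "Ada Example", Email = "ada@example.com" });
        var bad = service.Save(new Contact { ContactId = 2, Name = "", Email = "not-an-email" });
        Console.WriteLine("valid record errors: " + ok.Count);
        Console.WriteLine("invalid record errors: " + bad.Count);

        Console.WriteLine(controller.Details("1"));          // stored contact
        Console.WriteLine(controller.Details("2"));          // rejected by the Model, never stored
        Console.WriteLine(controller.Details("1 OR 1=1"));   // not an integer, refused by the Controller
    }
}
```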

The bottom line is that business applications can now take advantage of new technologies and the business entrepreneur can focus on innovation and process improvement with faster turn around times.

 

Primal Leadership

I’ve read some of Daniel Goleman’s work regarding Primal Leadership, and the over-riding thought seems to be, “The fundamental task of leaders is to prime good feeling in those they lead.”

One of the reviewers of Goleman’s book on Amazon wrote, “You may find yourself jumping up and down screaming, “Yes! Yes! Yes!,” to the book’s persuasive demand for better leaders, but you’re inevitably left whimpering, “Now what?””

So, the question is, how do you prime good feeling in those you lead? In other words, how do you inspire trust?

What I’ve discovered in 40 years of management, most of those being an avid student of Dr. Peter Drucker, is that the quickest way to “establish good feeling” with those on your team is to occasionally spend time with them, one on one, ask a few direct questions, and then “listen” to what they have to say. Letting them know that they, and their ideas, are important to you does a great deal to promote a healthy relationship. (By the way… the same thing applies to a healthy marriage.)

My favorite question, that I call the “magical 5 words”, is: “What needs to be done?” When asked, it can have amazing results. But don’t be surprised if, the first time it is asked, you get the “deer in the headlights” look. That is because it is rarely asked; most of the time people are told what to do. But when they realize that what they think actually matters, and that somebody on the other end is listening, it engages their thinking on a higher level and has a synergistic effect on the entire team.

Team Building from the Inside Out

Are You on a Dysfunctional Team?

It is alarming that over 80% of all businesses are dysfunctional to one degree or another. According to a study done by Harris Interactive [1], which polled over 23,000 people, many businesses have significant problems and need to take a closer look at their operations.

Here is how the people responded to a small portion of the survey, known as the xQ Questionnaire:

• 91% of the people working in business do not understand the goals of the team or department they work with. They have no idea “why” they are doing their jobs or what success looks like.

• 84% said that their teams do not work together to plan or achieve their goals.

• 85% said they did not have the resources to perform their jobs. This is a startling statistic.

• 90% said that team members do not hold one another accountable for their commitments. They fail to work together as a team.

What if this type of environment existed in a football team? Let’s examine what would happen.

Only one player on the team would know when they scored a touchdown. Everyone else would be running around the field fighting for the ball and expending a lot of physical and emotional energy but they would not know when they were successful and scored a touchdown. 91% of people polled responded that they do not understand what their goals are when they take the field and prepare to play the game in business. Is it any wonder that so many people hate their jobs? They are never fulfilled in knowing that they were successful and scored a touchdown. They don’t even know what a touchdown looks like. People get trapped in a routine and end up losing their enthusiasm, which results in half hearted efforts and poor service – not to mention dreading Monday mornings.

Only two players are working together and running the same play. The rest of the team either don’t care or don’t understand their positions on the team. How can a team move the ball down the field if only two of them are working together? What might be worse is that the other members of the teams are running different plays when the ball is snapped. 84% of people working in business say that their teams are not working together to achieve their goals. In the movie, “Cool Hand Luke”, the main character, Luke, is anything but a team player. He defies the prison environment he finds himself in because he knows it is broken. At one point, after a confrontation, the head prison guard tells Luke, “What we have here is a failure to communicate”. According to the survey, only 16% of the people surveyed feel they are communicating and working together as a team, the other 84% feel disenfranchised in a broken environment.

Only two players have invested the time to memorize and practice the plays. Everyone else is on the field but they are not prepared and may have even forgotten to bring the ball! They are not engaged or committed. When was the last time you walked into a store or restaurant and waited for a long time before they even noticed that you were there? According to this survey, you have close to an 80% chance of coming into contact with someone you are paying for service who either doesn’t care or isn’t involved in the process.

Only two players on the football team have complete uniforms. The rest of the team is missing helmets, shoulder pads, etc. Can you imagine if you sat down to watch the Super Bowl and the team showed up on the field and they did not have the right equipment?! Yet, only 15% of the people polled felt they had the resources to perform their jobs! Why have the coaches in our businesses allowed this to happen!?

Perhaps the saddest statistic of all is that only one player on the field, out of the entire team, is motivated to win and holds other team members accountable. Can you imagine how frustrating it would be if you were the only one on the football field who cared about scoring a touchdown?

What To Do

What does one do if they are a member of a dysfunctional and broken team like Cool Hand Luke?

Go to your boss and tell him/her that you want them to be successful and your team to be more effective. Then ask him/her two questions:

1. What do I or my team do that helps you do your job?
2. What do I or my team do that hampers your ability to do your job?

Put the focus on how you can make your boss more successful, because if you help them succeed, you’ll likely succeed. People are looking for people they can trust, people who have their back – these folks are rare and usually cherished.

Then, write down the answers and ask your boss to give you time to think about what can be done. Talk to your team about it. Then, respond in a week or so with suggestions and get his/her feedback before making changes. Repeat the process at least once a year.

There are numerous examples of this working in real life, but one must have the courage to ask the boss these simple questions. One example was a fellow who had a team that created a fairly complex weekly report for his boss. He would give it to his boss, and his boss would spend hours redoing it. It wasn’t until he asked that he became aware that it was hampering his boss.

What you shouldn’t do is write down a list of complaints and things that you or your team think need to be changed and take them to your boss and demand they be changed. He/she may not have the power or resources to change them and it tends to shut down the discussion. You need to establish communication that will help you and your boss to work together to solve the problem.


1. Harris Interactive, xQ Questionnaire, Commissioned by Franklin-Covey, 60 Corporate Woods, Rochester, New York 14623-1457, September/October 2002.

How to Inspire Your Team

How do you get the best out of every team member? I think that first you have to recognize that you cannot “make” a great team member. The team member must have the desire to do the work necessary to become the best that they can be.

What can you do? You can inspire them. You can show them that you have confidence in them, thereby giving them an inner confidence. If they have worked hard to become the best that they can be, then they shouldn’t have fear of failure, and your job would be to show them that when they fail, it doesn’t mean that they haven’t made progress.

The beauty about sports is that it can teach you how to deal with life – and failure. Show me a person who hasn’t failed, and I’ll show you a person who hasn’t tried.

Here is a speech made by Knute Rockne to his players at Notre Dame. Not only does he inspire, but he gives them the overall strategy of how they will win the game! When I read this, even I was ready to run down the field!

“Now-w the success of any team men is based on team-play — the same as you’ve shown all year –: Sacrifice; unselfish sacrifice! These are the fellows they say are pretty good; but I think we’re better! And I think if we get ourselves keyed up to a point, and when we’re confident of that … why-y-y the results will take care of themselves.

All right, now. On the kickoff — if we receive, the zone men will drop back to the receiver and block long — that old Notre Dame style. If we kickoff — which the rest of the teams want — let’s run down fast — just as fast as you can run. And then we go on defense. And on defense — I want the center in and out of that line — according to the situation. Use your old head! And I want you guards charging through as far as you can go — on every play. Expect the play right over you every time –.

And the tackles — I want you to go in a yard and a half — and then check yourselves. Spread your feet — squat down low — and be ready with your hands and elbows, so you won’t be sideswiped. But I want the ends in there fast every play. Every play, but under control. And you men in the backfield there, I want you to analyze it before you move. If they throw a forward pass, a zone pass, wait ‘til you see the ball in the air — and then go and get it! And when we get it, boys, that’s when we go on offense. And that’s when we go to ‘em — and, don’t forget, we’re gonna pick on one last one tackle that is weak.

We’re going inside of ‘em, we’re going outside of ‘em — inside of ‘em! outside of ‘em! — and when we get them on the run once, we’re going to keep ‘em on the run. And we’re not going to pass unless their secondary comes up too close. But don’t forget, men — we’re gonna get ‘em on the run, we’re gonna go, go, go, go! — and we aren’t going to stop until we go over that goal line! And don’t forget, men — today is the day we’re gonna win. They can’t lick us — and that’s how it goes… The first platoon men — go in there and fight, fight, fight, fight, fight! What do you say, men!”

The Employee Turnover Problem

I was recently involved in a discussion about the question “Why do so many losers get hired and promoted?”  The discussion eventually led to how one reduces employee turnover.  Employee turnover is very costly, and is unavoidable.  The AMA did a survey that showed 25% of companies were ineffective at retaining high performing employees.

Employees no longer feel loyalty to their companies.  It has also been proven that financial incentives don’t prevent people from leaving.  Companies that offer bonuses and options are often the ones with the greatest turn-over.  Compensation should be competitive within the industry, but it is a bad strategy to use it to retain employees.

So, what works?  Spending time with subordinates and getting to know them.  The biggest complaint often heard is that “nobody listens to them”.   Peter Drucker said that, “Meetings are a symptom of bad organization. The fewer meetings the better.”  However, the one meeting that he encouraged and stated that 15 minutes was far too short a time, was the performance review.

Most companies have adopted the policy of quarterly, semi-annual or annual performance reviews.  This is far too long a period of time to wait to have a meaningful discussion with a subordinate.  Even when the performance review is held, it is usually an uncomfortable situation where surprises frequently surface.  And the policy of linking salary with this type of discussion makes it even more tenuous.

Drucker recommended frequent and relaxed conversations with subordinates, taking 30 minutes or more. It often takes that long to build rapport and understand the problems they are facing. Start by asking them questions like: What are your greatest areas of stress? Is there anything that keeps you awake at night? This is done before discussing the assignment and may expose problems that you can do something about. After you develop rapport with a subordinate you can focus on the assignment that you delegated to them. How are they doing in the assignment? What roadblocks are they encountering? What can be done better? Are there any skills that they feel need improving? Do they feel like they are getting the support that they need?

The key is to ask questions, then listen to the answers and fix those things within your power.  If this was done, we’d likely have far fewer “losers”.

Hiring Best Practices

The biggest problem managers have in hiring people is that they believe they are a good judge of people. Peter Drucker said, “To be a judge of people is not a power given to mere mortals”.

The best we can do is to have a thorough diagnostic process. Candidates must be rigorously researched and tested. People should always be hired based on what they can do.

George C. Marshall had 5 steps for hiring people:

1. Marshall carefully thought through the “assignment”. What objective was this person being asked to achieve? Job descriptions last a long time but assignments change frequently.

2. Marshall always considered 3-5 qualified candidates. Then asked the question, “Does this assignment fit this person?”

3. Marshall studied the performance records of the 3-5 candidates and paid particular attention to the results they achieved, and how they were achieved. It is often the “how” that reveals their strengths.

4. Marshall always discussed their performance with former bosses and colleagues.

5. When the decision was made, Marshall made sure the new hire understood the “assignment”. The best way to do that is by asking them to explain their strategy as to how they are going to be successful at the job. Then he closely monitored them for 90 days to see if their strategy was working.

Attack of the Zombies – How America is Vulnerable to Cyber Attack

Hackers from China launched a massive attack on several large network operations centers at 8:00am CST March 8, 2011.  As many as 1.5 million packets per second paralyzed the networks.  The perpetrators used malware to invade servers all over the Internet that have weak security. It’s called a distributed denial of service attack or DDoS for short. 

After the poorly protected servers were infected, they became zombies, listening for instructions from their remote mastermind.  When the command was given the army of zombie servers began attacking networks carrying an opposing political point of view.  Blogging sites such as WordPress and others have experienced such an attack in the past week.

So how much damage can an army of zombies do?  It is not so dissimilar to a zombie movie.  You know, the one where someone is talking to a friend and they don’t realize they’ve been infected and suddenly they turn on them and begin chewing on their necks.  You might think that these zombie servers are off in some third world country.  Not so.  Many are right here in our midst.  It is not as simple as AT&T cutting the cable to disconnect the threat.  The attackers come from everywhere.  It’s a zombie fest where you have to deal with blocking many zombies coming from different directions.  They can literally stop all communication dead in its tracks.

How much trouble can zombies cause?  Basically, when zombie servers attack, your network can become as isolated as those folks caught in the local shopping mall trying to fend off the zombies coming in through the doors, windows and breaking through walls.  We have become so dependent on the Internet that everything is subject to failure.  Even the phones can die because many now use voice over IP (VoIP) and transmit over the Internet.  It is a critical problem and a vulnerability for America.

Are there any weapons that will kill the zombies?  The answer to that question is yes.  Cisco makes a product that detects a potential attack and takes corrective action – as do other companies.  The problem is that many large network companies don’t use them.  In the case of large Internet companies like AT&T, they don’t discriminate and send packets through regardless of their nature.  They make no attempt to distinguish zombies.  It is left up to the network operation center to fend for themselves.  An operation with a big budget can afford this kind of equipment but it is still out of reach for a small operation.

The bottom line is that we know this is a problem for national security. We even have a technical solution. The question is what is the plan to protect American infrastructure? I feel like the professor shouting Bueller, Bueller – it’s an ‘80’s thing.

References:

http://www.zdnet.co.uk/news/security-threats/2011/03/09/web-hosting-firm-hit-by-china-based-ddos-attack-40092070/

http://www.pingzine.com/codero-taken-down-by-ddos-attack/

Windows XP and 2003 at Risk

If you are the owner of Windows XP or Windows Server 2003 you are at risk of a pretty significant hack – at least for the time being. 

It’s an attack on the “Windows Help Center”. The bad news about this attack is that some unwitting, or perhaps witting, genius at Google published how someone can execute the attack without considering the risk he was exposing all XP users to. The fellow’s name is Tavis Ormandy, a Google security researcher. Come on Tavis – use some common sense and do the right thing. As a result of his error in judgement, systems in Europe are experiencing a significant peak in hacks. The U.S. may be next.

So, right now, as of today, if you are using Windows XP or running a Windows Server 2003 for your business you are at risk.  If you visit a web site that is exploiting the security hole your machine could be in big trouble – which is why I’m writing this article – to get the word out.  

The vulnerability exists in the Windows “Help Center”.  Yes – the same one that provides automated updates.  I won’t bore you with the details but you can download a temporary fix that will protect you from attack but it is not a permanent fix.  My understanding is that the download will also disable some help center functionality.  But I recommend you do it as soon as possible.  You can download the fix at http://www.microsoft.com/technet/security/bulletin/MS10-042.mspx.

This is probably a pretty good time to upgrade to Windows 7 if you’ve been thinking about it.  My understanding is that a permanent fix could be as long as 2 months away – due to testing and all of the other stuff involved in a release.

Here is an informative Computer World article on the subject: http://www.computerworld.com/s/article/9178084/Hackers_exploit_Windows_XP_zero_day_Microsoft_confirms

Back to the Future! Whatever Happened to Made in America?

Back to the Future!

If you are as old as I am (and I don’t consider myself ancient) you’ve lived through some pretty interesting recessions. You’ve seen home mortgage rates at 17.5%, incredible inflation and economic hard times that were actually worse than what we are seeing right now (with the exception of the insane spending by the government which has reached new heights). I know that’s no consolation to those of you who have lost your job, but I want to share a stupid idea that worked in the 1980’s during the Reagan Administration and I have no doubt would work again.

Before I get into the details let me ask you a question. If you walked into WalMart, Target, Sears, Macy’s or any other store and picked up an item off of the shelf, how many would say “Made in America”? I think the odds are that it would say “Made in China”.

In order to keep this simple I want to use a simple example.  Let’s say we are a tribe of hunters and we have a person who is much better at making bows and arrows than hunting.  So he stops hunting and trades his bows and arrows for wild game from other hunters.  He discovers that he can accumulate more wild game making bows and arrows than hunting.  Based on the labor and materials he can sell his bow and arrow for an equivalent of $10.  He is so successful that he builds a factory and hires people to make bows and arrows and the economy thrives.

One day he discovers that he can buy a bow and arrow from the tribe in China for $5.  It is almost as good as the one his factory makes and he doesn’t have to put up with all of the regulation, unions and taxes.  All he has to do is buy the cheap bows and arrows from China and resell them to his tribe.  So he shuts down his factory and tells all of his people that the tribe is now in the “Information Age” and it isn’t necessary for the tribe to actually produce things any more.  They all need to get retrained for the future.

Things go well for a while and everyone is happy because they are buying bows and arrows cheaper than what it would cost them to make them.  But after a year, the chief of the tribe is upset because he used to get a small percentage of each bow and arrow maker employed in the factory.  Now they don’t have jobs and the tribe revenue has fallen.  But the chief still needs the money and doesn’t want to cut spending.  So he goes to the tribe in China and asks for a loan until the tribe in America gets back on its feet. 

The tribe in China has been so busy making bows and arrows for the American tribe and the rest of the world that they have plenty of money saved up and they are glad to lend the money to their biggest and oldest customer. After all, the tribe in China made $226.8 billion in 2009 by selling bows and arrows to the American tribe.