Thursday, December 27, 2007

Security with online banking, what’s cool!

Today I was reading about how a few banks have started to adopt a creative solution to increase the security of their web portals for online banking. I was quite impressed by what they came up with. They were using cell phones; specifically, they were transmitting a security code to your cell phone that you would then use along with your password to log on to their portal. To me this seems like a great way to achieve two-factor authentication without the usual burden on the user. Now, to get access to your account, an attacker would need what you have, your cell phone, and what you know, your password, which would greatly increase the difficulty of any brute force attack, as well as thwart any phishing scheme or keylogger you might come across.
Since the code is also transmitted out-of-band, i.e., through your cell phone and not the web, an attacker needs access to both your username/password and your cell. With the code expiring in a short time (10 min) and good for only one use, it serves as well as any token could, with the distinct difference that most users carry a cell phone out of habit, whereas they would not carry a token. Another great benefit to the bank, and one that could lead to more widespread adoption, is that the user already has the necessary equipment, a cell phone, which is not the case with a token. Providing a security code through a cell phone could be the strongest and most usable form of authentication we’ve seen yet in online banking.
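As an added example (my own code, not anything from the banks the post describes), here is how such an out-of-band code flow can be implemented: the password is checked first, a random code is HMAC-hashed and stored with its issue time, the plaintext goes out over an SMS-sending callback, and the code is rejected once it has been used, after the 10-minute window, or after a few wrong guesses. The SMS callback, the user name, the phone number and the attempt limit are assumptions for illustration.

```python
"""Out-of-band one-time code as a second login factor (added example)."""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

CODE_TTL_SECONDS = 600   # the 10-minute validity window mentioned in the post
CODE_DIGITS = 6
MAX_ATTEMPTS = 5         # assumption: a code is voided after a few wrong guesses


@dataclass
class PendingCode:
    code_hash: bytes     # only an HMAC of the code is kept; the plaintext goes to the phone
    issued_at: float
    attempts: int = 0


class OutOfBandAuthenticator:
    """Issues single-use codes over a side channel and verifies them."""

    def __init__(self, send_sms, clock=time.time):
        self._send_sms = send_sms            # callable(phone_number, text); injected so it runs offline
        self._clock = clock
        self._pending = {}                   # user_id -> PendingCode
        self._key = secrets.token_bytes(32)  # per-process; a real deployment keeps this in a KMS

    def _hash(self, code):
        return hmac.new(self._key, code.encode(), hashlib.sha256).digest()

    def issue(self, user_id, phone_number):
        code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        self._pending[user_id] = PendingCode(self._hash(code), self._clock())
        self._send_sms(phone_number, f"Your login code is {code}. It expires in 10 minutes.")

    def verify(self, user_id, submitted):
        pending = self._pending.get(user_id)
        if pending is None:
            return False
        if self._clock() - pending.issued_at > CODE_TTL_SECONDS:
            del self._pending[user_id]       # expired: the user must request a new code
            return False
        pending.attempts += 1
        if pending.attempts > MAX_ATTEMPTS:
            del self._pending[user_id]       # too many guesses: void the code
            return False
        if not hmac.compare_digest(self._hash(submitted), pending.code_hash):
            return False
        del self._pending[user_id]           # single use: a correct code is consumed
        return True


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class BankPortal:
    """Two-step login: the password (what you know) must pass before a code is
    sent to the phone on file (what you have)."""

    def __init__(self, auth, password_db, phone_db):
        self._auth = auth
        self._passwords = password_db        # user_id -> (salt, pbkdf2 hash)
        self._phones = phone_db              # user_id -> phone number on file

    def start_login(self, user_id, password):
        record = self._passwords.get(user_id)
        if record is None:
            return False
        salt, expected = record
        if not hmac.compare_digest(hash_password(password, salt), expected):
            return False
        self._auth.issue(user_id, self._phones[user_id])
        return True

    def finish_login(self, user_id, code):
        return self._auth.verify(user_id, code)


if __name__ == "__main__":
    # Constructed demo: the "SMS" is just printed to the console.
    auth = OutOfBandAuthenticator(lambda number, text: print(f"SMS to {number}: {text}"))
    salt = secrets.token_bytes(16)
    portal = BankPortal(auth, {"sandy": (salt, hash_password("correct horse", salt))},
                        {"sandy": "+1-555-0100"})
    print("password accepted:", portal.start_login("sandy", "correct horse"))
    print("code accepted:", portal.finish_login("sandy", input("enter code: ").strip()))
```

Note that the server never stores the plaintext code, compares in constant time, and forgets the code on first success; a stolen password alone cannot complete the login, and a code observed over the shoulder is useless after ten minutes or one use.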

Tuesday, October 2, 2007

Art of Possibilities

I’ve been really busy lately and have not been able to finish a book in a long time, but I finally had some free time and was able to sit down and read Art of Possibility. What a good choice it was. While the book itself was all about changing perspectives and bringing about change, at least that’s what I took away from it, I really liked the stories about the author’s experience as a conductor and inspiring young musicians. If you get a chance, I would check it out.

Saturday, June 9, 2007

For the arts no doubt

My friend pointed me in the direction of Ben Zander, who is a very exuberant advocate for the fine arts. Check it out.



The Art of Possibility, by Ben Zander and his wife Roz Zander, is definitely on my reading list; if even a portion of his energy is reflected in the book, it should be a great read.

Wednesday, June 6, 2007

Oh my look at those Feature Sets!

I love TED presentations, they’re great! I was watching a TED talk by Barry Schwartz, and he gave a very intriguing presentation on the effect of choices. I believe it is a great talk for anyone who has influence on UI, in any product or service, since we have to decide between creating a feature (setting) rich environment or a simple subset, and weigh the associated opportunity costs.


I really enjoy the points he makes: with more options you have more expectations, and they are harder, if not impossible, to satisfy. There is no excuse for failure; with choices you do better but feel worse. And while this presentation mostly focuses on consumer choices, such as the number of different salad dressings at a supermarket, I believe the basic concept can be applied to most user interactions, from software UI to marketing. Too often we provide the user more options than they would ever desire, with the excuse of providing options, when in reality we’re just creating disappointment. This presentation just reinforces my belief that less is more when considering options.

Wednesday, April 11, 2007

Phishing for you

With the number of illegitimate emails sent growing into the billions, the chances of one getting through your spam filters grow every day, but what happens when it’s worse than spam, and confidential information is in the balance? Through this web log we will walk through a simple phishing scam and ways to protect yourself and your company.


The Victim

Sandy considered herself an avid eBayer; she used to go to garage sales every weekend, but since she found eBay it was like having all the world’s garage sales all the time. So now, instead of going out Saturday morning looking for stuff, all she had to do was log onto her computer and start searching for the things she wanted. She could look any time she wanted.

By this point she was used to getting emails from eBay, and from other eBayers, about products and auctions she had won. But today was different. Today she received an email from eBay informing her that her account information was out of date and needed to be updated, or else her account might be disabled. Not wanting her account to be disabled, she clicked on the link in the email and logged into the website.

Upon logging in she was greeted with a message informing her that the bank account number she had entered was invalid, and she needed to re-enter it to update her information. After entering the bank account number she was thanked for her cooperation and informed that the account was now up to date. Glad that her account wasn’t going to get locked out, she decided it would be a perfect time to check on her auctions.


The Attacker

As a web developer I found myself jumping from contract to contract, never staying at one place. This was getting ridiculous though; I was out of work for four weeks and didn’t have any prospects for a new contract any time soon, and to top it off I didn’t have any savings left. So I figured I would put my skills to work for myself and create “my eBay.” It would be a place for eBayers to come and give me access to their account information.

The plan was simple really: just lift eBay’s layout so that people thought they were really at eBay when in reality they were logging into my site. Once they logged in I asked nicely for their personal information and thanked them kindly. I always found people were much more responsive when you thanked them after a job. So I went about setting up the site and sending out emails to possible eBay users.


The Description

Phishing is a form of social engineering in which, in one common form, an email poses as being from a legitimate company. The email is normally phrased to elicit information from you whose loss would compromise company, financial, or personal information. It elicits this information by building credibility as the legitimate company, then creating a plausible and urgent reason for you to act.

This could be through a form on the site that looks like it sends the information back to the legitimate site but in reality sends it to the fraudulent site, or executes an action on the phishing server. It is also implemented through fake sites that mimic the legitimate location, and may even pass you and your credentials on to the legitimate site after acquiring the information they desire.


  • Phishing is a psychological attack and as such requires psychological training to combat it. The best course of action is to be aware that these types of attacks are possible, and to be wary of any email that elicits private information.

  • Credible sites should never request any personal information through an email. If you do believe that the email is legitimate and that the site needs information, always go directly to the site from a web browser, and not through links or forms provided in the email itself.

Phishing is a growing way of obtaining private information from people, avoiding the difficulties normally associated with breaking into the system itself. It effectively eliminates many of the safeguards a typical security perimeter implements for protection, leaving corporate, financial and personal information protected only by your, or your users’, ability to tell legitimate emails from fraudulent ones.

There is no silver bullet to prevent phishing; however, there are things you can do to reduce the threat. First is to understand that phishing is more than spam; it’s more like a virus. For corporations, email addresses should be removed from the website, and address standards reviewed to verify that they aren’t easily guessed. Next, education is crucial to increase phishing awareness and appropriate responses, such as the ability to properly identify phishing attempts through verification of the sender, message content, and links.
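As an added example (my own code, not part of the original post), the checks on sender, message content and links can be partly automated. The script below parses a constructed email modelled on the one Sandy received, compares the sender’s domain against a known-good list, flags links whose visible text names a different host than the one the link actually points to, flags hosts that contain the brand name without being the brand’s domain, and looks for the urgency and data-request phrasing described above. The sample messages, the `.example` domains and the phrase lists are constructed for illustration; a real deployment would use a proper public-suffix list rather than the two-label domain shortcut used here.

```python
"""Heuristic phishing indicators for an incoming email (added example)."""
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample modelled on the message in the post; the .example domains are placeholders.
SAMPLE_EMAIL = """\
From: "eBay Customer Support" <support@ebay-account-update.example>
To: sandy@example.com
Subject: Your account information is out of date
Content-Type: text/html

<html><body>
<p>Dear valued member,</p>
<p>Your account information is out of date and your account may be disabled
unless you update it within 24 hours.</p>
<p><a href="http://ebay-account-update.example/signin">http://signin.ebay.com/update</a></p>
<p>Please confirm your bank account number to keep your account active.</p>
</body></html>
"""

# Constructed benign sample: legitimate sender, link text and link target agree.
BENIGN_EMAIL = """\
From: "eBay" <noreply@ebay.com>
To: sandy@example.com
Subject: You won an auction
Content-Type: text/html

<html><body>
<p>Congratulations, you won item 12345.</p>
<p><a href="https://www.ebay.com/myebay">https://www.ebay.com/myebay</a></p>
</body></html>
"""

LEGITIMATE_DOMAINS = {"ebay.com"}   # assumption: the brand's real domain(s)
BRAND_WORDS = {"ebay"}
URGENCY_PHRASES = ("may be disabled", "within 24 hours", "immediately", "suspended")
SENSITIVE_PHRASES = ("bank account", "credit card", "social security", "password")


class _LinkExtractor(HTMLParser):
    """Collects (href, visible text) pairs from anchor tags."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    # Two-label shortcut (assumption); use a public-suffix list for real traffic.
    return ".".join(host.lower().split(".")[-2:])


def host_of(url):
    if "://" not in url:
        url = "http://" + url
    return urlparse(url).hostname or ""


def looks_like_url(text):
    return "." in text and " " not in text and len(text) > 3


def is_lookalike(host):
    # Brand name inside a host that is not the brand's own domain, e.g. ebay-account-update.example
    return registrable_domain(host) not in LEGITIMATE_DOMAINS and any(b in host.lower() for b in BRAND_WORDS)


def analyze(raw_message):
    """Return a list of (indicator, detail) tuples; an empty list means nothing suspicious was found."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []

    sender_host = msg["from"].addresses[0].domain if msg["from"] else ""
    if registrable_domain(sender_host) not in LEGITIMATE_DOMAINS:
        findings.append(("untrusted-sender", sender_host))
    if is_lookalike(sender_host):
        findings.append(("sender-lookalike", sender_host))

    body = msg.get_content()
    extractor = _LinkExtractor()
    extractor.feed(body)
    for href, text in extractor.links:
        target = host_of(href)
        if looks_like_url(text) and registrable_domain(host_of(text)) != registrable_domain(target):
            findings.append(("link-mismatch", f"shows {host_of(text)} but goes to {target}"))
        if is_lookalike(target):
            findings.append(("link-lookalike", target))

    lowered = body.lower()
    findings += [("urgency", p) for p in URGENCY_PHRASES if p in lowered]
    findings += [("sensitive-request", p) for p in SENSITIVE_PHRASES if p in lowered]
    return findings


def is_suspicious(raw_message):
    # Assumption: two independent kinds of indicator is the threshold for quarantining a message.
    return len({kind for kind, _ in analyze(raw_message)}) >= 2


if __name__ == "__main__":
    for kind, detail in analyze(SAMPLE_EMAIL):
        print(f"{kind:18} {detail}")
```

The link-mismatch check is the one that best matches the advice in the post: the visible text is what the reader trusts, but the `href` is where the browser actually goes, so a user who hovers over the link (or a filter that parses it) sees the difference that the rendered email hides.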

Sunday, April 8, 2007

Typography


Typography is a beautiful, powerful thing; too bad it’s not really used much any more. When used effectively, typography can be a brilliant medium to convey a message. Watching the 2005 OSCON keynote, I was pleasantly surprised to see the use of typography to convey the concept of Identity 2.0. Whether you are interested in the concept of Identity 2.0 or not, the delivery of this presentation is brilliant. It’s a powerful instrument, especially when used to create emphasis within a presentation, as in this keynote address.

Dick Hardt, 2005 OSCON keynote

Tuesday, March 20, 2007

To lunch or not to lunch


First of all, I’m a fiend for outdoor bistros; I think they are the greatest thing since sliced bread when the weather is nice. Yet no one seems to have them in the western states. So when I was down in Boise this last weekend, I was ecstatic that not only was it great weather but there was a patio open for lunch. Not knowing what the place was or how good it was, I was determined to try it based on the patio alone.

Once we sat down and received our menus, I was finally enlightened as to what we were going to be having for lunch: pizza. So after finally narrowing our choices down to two, we inquired as to whether we could have half and half, making everyone happy. Of course, we were pleasantly informed, so delving back into the throes of our order we finalized our decision, everyone in agreement at last. Or at least we thought. On the return of our waitress, we were devastated; baited without all the terms and conditions, we were. While we could still do half and half, we would have to start with the traditional and add toppings, resulting in a price almost equivalent to the two pizzas on their own. Delivery was key: since we had already established a heightened expectation, this information was more impactful now than if the option had never been available. What cunning deception. Not deterred, we returned to the negotiating table to pound out our order.

Through pure determination we narrowly came to an agreement on a pizza, with one stipulation: no spinach. As our terms and conditions were presented to the waitress, we calmly waited for a response, while a turbulent river raged inside us, desperately waiting to see if they would be accepted. To our joy they were, without any counter.

In what seemed like an eternity we waited for our food to arrive, grateful when it finally did. To our dismay the terms and conditions had been breached; there it was in plain view of everyone, spinach. This matter was escalated; the upper echelon of management was now involved. In an effort to gain control of the downward spiraling situation, they proposed a complete scrap and replacement of their contract deliverables. The tables turned, we consulted and presented our counter: we would pick the spinach off ourselves. A cunning retort; by arguing against our best interest, our opponent was perplexed to say the least. Retreating but not retiring, he had to rethink after such a blow.

Alas, he returned with a revised counter: our original order, half and half, extra large, for our troubles. Not to be outdone we had to think quickly, but stumbled… Before remembering our original offer, we retorted with a small pizza to go.

Success, a deal made. All and all it was a great pizza place, with excellent management.

Friday, March 16, 2007

Negotiation Unraveled

Any negotiation begins because one or both parties have an issue that they would like to get resolved; these issues should be mentally fleshed out before beginning. One of the most interesting things that I discovered when reading Negotiate This! is how Herb Cohen uses active listening to negotiate effectively.

My overall favorite concept is from the chapter “Deadlines are not always Draconian,” where the value of a deadline is discussed. Because deadlines are set for many different rationales, they should be analyzed and the risks and benefits of passing the deadline calculated. Deadlines are not as firm as they may originally appear, and should not be blindly followed just because they exist. While you may have a deadline, it is also important to remember that the other side always has a deadline as well; else why would they be talking to you?

Within his book, Herb also discusses some questions you should try to glean answers to when you begin negotiating with another party. While these may seem like common sense, many are never asked.

Why are they negotiating with me?
What are their time constraints and deadlines?
By whom and how will their decisions be made?
How do they react to conflict?
What is their negotiating style?
What are the limits of their authority?
What is their negotiating experience and background?
Do they have a realistic alternative to making this deal?
What incentives do they have to make this deal?
What are their underlying interests and concerns?
What’s their track record for honesty and integrity?
What are their expectations with respect to the outcome?

Negotiating is the game of life, and humbleness can go a long way when positioning you in a negotiation. From humbleness you have the most options to maneuver.

“How did you become a hero during World War II?”
“It was involuntary, they sunk my boat.”

-President Kennedy

However, sometimes you must respond to a direct threat, which can be difficult, especially in the process of negotiation. These threats can typically be defused by remaining calm and detached, and responding with an inconsequential response, typically an inquiry for clarification. If all else fails, point out why you don’t have the capacity to comply (lack of authority, legitimacy, precedent, etc.).

Finally, don’t ever underestimate your options or capacity to make things happen, because what matters is not what power you’ve got, but what the other side thinks you’ve got.

Wednesday, March 14, 2007

What is Web 2.0

Web 2.0 is a buzzword used to describe a new way of communicating and sharing information. However, so far I have not found a good way to explain Web 2.0 in a less technical way, until now. Below is a unique and interesting treatment of text and images to tell a story about Web 2.0.



This was taken out of a blog on PresentationZen on the beauty and power of Typography.

Sunday, March 11, 2007

The Moment of Reflection, Part 2



Continuing on in the interview with Ira Glass, he discusses the time it takes to develop a good story; however, the same holds true for developing any skill. We attempt to develop a skill because we have good taste, a passion for the subject matter.

At first what you are creating isn’t so good; it’s trying to be good, it has ambition to be good, but it’s not. The reason you know this is that your taste is good enough to tell you that it isn’t that good, which makes what you are making a disappointment. At this point a lot of people decide to quit, since they are not great at the skill they are attempting to master, yet most people that do creative work go through a phase where what they are creating is not that good.



Like any artisan skill, it cannot be mastered overnight. Mastery of any skill requires dedication and effort. Consider martial arts: when you begin, you have a vision of what it means to be good, a master; however, while you have that taste of what good is, your current work does not produce the same results. Through practice your skill is refined and comes ever closer to resembling the vision of what it means to be good.

Through keeping your standards high and creating a large volume of work, you refine your skill to create something really good.


See the complete interview:

Ira Glass On Story Telling #1
Ira Glass On Story Telling #2
Ira Glass On Story Telling #3
Ira Glass On Story Telling #4

Saturday, March 10, 2007

The Moment of Reflection

Ira Glass has a very interesting video out on YouTube about what makes a story good, which I encourage anyone who is involved with telling stories, whether through presentations, blogs or papers, to take a few minutes and watch.


In storytelling there are two basic building blocks, as Ira explains: the anecdote, and the moment of reflection.
The anecdote is a sequence of actions, where one thing follows from another, avoiding the use of disjointed facts.

"The Power of the anecdote is so great...No matter how boring the material is, if it is in story form...there is suspense in it, it feels like something's going to happen. The reason why is because literally it's a sequence of events...you can feel through its form [that it's] inherently like being on a train that has a destination...and that you're going to find something..."

— Ira Glass

The anecdote should also raise questions, providing the "bait" for the story. Raise questions right from the beginning to entice the participant. Implied in any question that you raise, however, is that you are going to answer it. Constantly raise questions and answer them. Shape the story by throwing out questions and answering them along the way.

Secondly, the moment of reflection. What is the key point? What does this all mean? Why have I asked you to sit and listen for 30 min? It is not just a series of facts and events. Many people get the first part, they tell an interesting sequence of events, but in the end it fails because it doesn’t say anything new; it did not have meaning. Conversely, sometimes people have the reflection part and the question is clear in their mind, but they fail to put it in a sequence that compels people to follow and engage.


In a good story you need both the Anecdote and the Moment of Reflection interwoven to make a valuable story for the participant.

Thursday, March 8, 2007

Volvo S80

I was working with the TV on tonight when a two-part Volvo commercial came on advertising the S80. What I found so interesting about this commercial was their use of different buyer personas to elicit a cool factor. It was in my mind a perfect example of the difference between the cool factor and something that will be utilized once the purchase is made.
The first part of this commercial was about a blind spot detector, which drew my attention away from my current project, and was directly followed by an introduction to their heart rate detector; in brief, the device detects if there is a heartbeat in your new S80 and alerts you before you enter your car. Now this has cool factor written all over it.

This is especially important when your market space is already saturated with competition, as with automobiles. While items such as these two new features which Volvo is showcasing on the S80 may have a significant effect on a buyer’s decision to buy, in most cases they will not be a highly utilized element once a purchase has been made. This isn’t to say that such features are not important to incorporate into the design of a product, since they very well could make the difference between an evaluator deciding to go with your product or your competitor’s. But design choices should be made when implementing these cool factors, so that they are not over-designed during implementation.
Since these features will only be used when making a buying decision, but not during normal operation, they should consciously not be over-engineered. Such features should be identified based on interviews with potential customers during design. With the identification of such features, more engineering time can be spent on features with a larger ROI.

Tuesday, February 27, 2007

Mediocrity, without focus

So this week I’ve been in training with my cohorts, er, my field. Let’s just say it’s been an interesting perspective; if you don’t know what I do, check out this YouTube video (http://www.youtube.com/watch?v=_Bs3o1DMdeI). Perhaps it’s not exactly my job, but it’s a nice summation of my kind, I’m sorry to say. I also have to say that San Francisco is having some really crappy weather, and business deals don’t stop even if you are training. Which is a shame.

I don’t know how often, or if, you ever get a chance to visit other people in your field, but it’s very enlightening to see how diverse it is. It seems that all of you have the same or at least similar job titles, yet very few actually seem to be doing the same thing; sure, most have a considerable overlap, but they can be considerably different.

It brings into question how people compare themselves to others in their profession, if you believe that you cannot rely on titles. It really seems that to make an adequate comparison of responsibilities you must develop a prior rapport with them. Which brings into question how many relationships the average person has in today’s business world. One major issue I see occurring is that if the only time you call upon a relationship is to ask something of them, it isn’t valuable to them, since for some reason it never lasts unless both parties see the benefit.

Anyways I must get back to exploring MIT Courses.

“There’s a difference between being busy and being productive”

-Kristen Lippincott