Social Engineering is alive and well

Don't believe social engineering can become viral like the latest youtube hamster video?  Think again.

From my best count, 12 people every 3 seconds were falling for this.  The website is very vague, claiming its safe ...but with whom?!  Do people really fall for this?  Why yes, yes they do. People want to know who's stalking them ... and yet they can protect their tweets quite easily.  Doing a quick look up on them, they're registered via godaddy and their proxy service so you can't really see who they are.  Any real service won't do this (yea, I said it, watcho gonna do about it?) so wonder how much damage this will do ... and how many people won't learn there lesson?

Twitter can't stop this either, not without taking out everyone else that's using the API.  Might be time for them to issue API codes.

Do you have nice day?! :-)

*** UPDATE ***

Now the site displays the following message

and its straight HTML <center> and the text you see above.  So was it a hack of a hack?  Hmmmmm interesting.  It's too bad they don't have contact info because now I'm curious.

Ask the right question, get the right answer

Talked about this during a lunch I went to with Brent Huston (web, twitter) and he asked me had I done a write up on this ... and I haven't so I shall.  It's a good piece of info that I think everyone should master - Ask the right question, get the right answer.  This pays off in so many ways, it isn't funny and you can use it and abuse it everywhere, in everyday life.  This isn't a great theory that doesn't work in reality, this is a basic foundational requirement.  Yes, I feel very strongly about this and Brent suggested I should write up how I managed to teach it so here goes.

I hinted at this when I mentioned a good friend of mine, Jay Saunders, was graduating.  I tortured him for a solid 2 months (probably more), teaching him this practice.  When he started, I told him the number one thing was teaching him how to ask the right questions.  Purpose being is multi-layered.  First, without asking the right questions, you waste a lot of time figuring out what they (the users) really mean.  Second, if you take a minute to think about what you really want, you also should think of the possible reactions of the person being asked -- I will come back to this because there's a lot of nasty pitfalls that need to be addressed.  Third, it forces a different thought process and finally, the real goal, it forces the person being asked to NOT give a wrong answer. More...

Start the discussion

This is a continuation of my mentoring post made a few days ago but on a more fundamental level.  I have no doubt that within every organization, every team and their members are thinking the same thing, but no one is saying it.  There's a lot of reasons why and none of them are good.  So what's the problem?  Communication.  People are afraid of looking stupid, asking a dumb question and generally don't want to look like the guy that doesn't know.  Well, I usually don't know, so I ask and I've noticed a trend that doesn't surprise me - discussions begin to spawn awesomeness but they're not happening everywhere.

A perfect example came around a few weeks back.  I got some time to sit back and learn something so I asked Jon Kruger about what I should be learning next?  It's a huge, open ended question but he had a quick, exact response - learn TDD.  He didn't say read up on silverlight or ruby or any thing else, he went right for a practice that he's using, regardless of its language.  Ok, great, so I asked him "point me in a direction" ... he didn't find anything that was particularly good so, bonus, it spawned a lot of discussions and a few blog posts ...

TDD Starter Kit - Sample Projects and Links

What should you learn next?

Even more important, he did a Lunch and Learn -- we had a full house, around 60 people showed up.  That's a great turn out and even better for Jon (people need to listen to him) but when I left I noticed yet another issue ... a group of people, 5 of them were discussing among themselves how they didn't understand where his mocking came from and how his structure map was working because "it was a custom written thing".  The fail was simple : They didn't ask.  If they would've went up and started talking to Jon about it, I'm sure Jon would have tore it apart and showed them anything and everything -- maybe even wrote a supplement post on it.  But they didn't and the general take away was "I don't know how this part works, so I don't need it".  Again, this is the fear of asking stupid questions in it's perfect sense.

So what's my point?  Start the discussion.  Take a chance, ask and find out.  The excuse of being silent and pretending "I get it" doesn't apply if you sit back and don't ask.  The biggest result that can happen is a wide, sweeping discussion that hashes out a ton of stuff that no one knew everything else is thinking.