8.31.2007

Monster.com reply to latest hacking incident

Following is a notice Monster.com sent out late last night with the subject "An Important Message to Our Valued Monster Customers" regarding their recent data loss to hackers. Interestingly, they never actually apologize for the incident. Bold is mine.
Dear Valued Monster Customer,

Protecting the job seekers who use our website is a top priority, and we value the trust you place in Monster. Regrettably, opportunistic criminals are increasingly using the Internet for illegitimate purposes. As is the case with many companies that maintain large databases of information, Monster is from time to time subject to attempts to illegally extract information from its database.

As you may be aware, the Monster resume database was recently the target of malicious activity that involved the illegal downloading of information such as names, addresses, phone numbers, and email addresses for some of our job seekers with resumes posted on Monster sites. Monster responded to this specific incident by conducting a comprehensive review of internal processes and procedures, notified those job seekers that their contact records had been downloaded illegally, and shut down a rogue server that was hosting these records.

The Company has determined that this incident is not the first time Monster's database has been the target of criminal activity. Due to the significant amount of uncertainty in determining which individual job seekers may have been impacted, Monster felt that it was in your best interest to take the precautionary steps of reaching out to you and all Monster job seekers regarding this issue. Monster believes illegally downloaded contact information may be used to lure job seekers into opening a "phishing" email that attempts to acquire financial information or lure job seekers into fraudulent financial transactions. This has been the case in similar attacks on other websites.

We want to inform you about preventive measures you can take to protect yourself from online fraud. While no company can completely prevent unauthorized access to data, we believe that by reaching out to job seekers like you, the Company can help users better defend themselves against those who have attacked Monster as well as other databases.

We are committed to maintaining an ongoing dialogue with all of our job seekers about Internet security and the steps Monster is taking to protect its job seekers. The Company has placed a security alert on Monster sites offering information to educate you about online fraud. This information can be found at http://help.monster.com/besafe/. We have also included information on Internet safety and examples of fraudulent "phishing" emails at the bottom of this letter.

Monster has launched a series of initiatives to enhance and to protect the information you have entrusted to us. Some of these steps are being immediately implemented, while others will be put into place as appropriate.

We believe these actions are the responsible steps to protect the trust you place in Monster. We are also working with Monster's hundreds of thousands of employer customers to ensure a safe and effective online job search. We will continue to share information with you about the enhancements we are making as we serve as your online career resource partner. We invite you to keep reading to learn more about how to use the Internet safely.

Sincerely,

Sal Iannuzzi

Chairman and CEO

Monster Worldwide

The message then goes on to highlight "HOW TO BE A SAFE INTERNET USER" with the topics:
  • What's "phishing" all about – and how do I spot it?
  • How is it different than "spoofing"?
  • Examples of fraudulent email: (clickable examples of fraudulent email)

Of course it's kind of funny to have an email that says, "don't click on phishing links." And then says, "here's a bunch of sample links to click on."

Thumbs up for Monster finally admitting the issue. Thumbs down for the response time and lack of apology. Don't they (by, I believe, California law) have to admit to a breach of data much quicker than this?

8.23.2007

Good ideas lost in emails and instant messages

I don't like to email anymore. Especially at work. I have some issues with instant messaging too.

Ideas get lost. So do instructions and documentation. Sure, you can make a nice document and put it out there on your internal corporate network, but no one will ever look at it. Do you have a way to search thru the contents of it? No? I didn't think so. Me neither.

I'm thinking of blogging everything. Blogging everything I want/need to remember. Maybe I'll make a blog inside work for documenting work procedures and ideas. And set other people up the same way. And I'll keep blogging stuff here obviously that's good for public consumption.

But then there's the IMs to contend with.

After losing a job surprisingly a few years ago, I've worked pretty hard to develop and nurture a network of people in my field that I can turn to and who can turn to me. This is mostly done via quick IMs. So on any given day there's a good amount of knowledge transfer back and forth in instant messaging. I view this as a kind of professional development. As long as it doesn't interfere with my daily responsibilities, it's fine. I've learned a lot from people this way and hopefully they've learned from me too.

So how do I search thru all those great tidbits, links, theories, etc. that I've given and received via IM? I'm thinking of chucking those into a database or text indexer and making those searchable via web too. I'm just not sure of the best way to go about that yet.  More to come.

7.05.2007

Create your own Simpson character

I dub thee Rich Zimpson.  It's scary how similar this is to what I really look like.


Make your own at http://www.simpsonsmovie.com/

7.13.2006

Best... Typo... Ever...

From: Sysadmin Subject: Server auto logout FYI Interactive logins on all unix machines will now automatically timeout after 1 hour of inactivity. If you are running a long-running job/script, this will be unaffected if it runs past an hour. If you are just shitting at a shell prompt, and haven't typed anything in an hour, you will be logged out. Feel free to pass this on to anyone else I may have missed.

11.19.2005

Still fleshing out the syntax highlighting

I'm not 100% happy with the way the syntax highlighting is working out so far with the code examples. I may have to hack up the plug-in. My apologies if it's annoying you as well.

UPDATE 12/2/2005: It would help if I actually included the css file, eh? Code examples now contain outlines and scrolling.


12.21.2004

Personal Disaster Recovery for the Masses

A few people make fun of me because I have a personal disaster recovery plan for my computers, data, and applications that are located in my home. These people aren’t in the IT industry. Those in IT usually nod thoughtfully and muse, “I should do that too.”


At least once a month, I back up all my important data and documentation, burn it to some CDs and place it in one of those lockable fire-proof boxes. I include my bookmarks and any software that I’ve downloaded and installed recently, like some of the open source projects I’m trying out. If I’m working on a specific project from home, I copy the data to multiple machines daily and usually burn it to CD every couple of days.


I also put my address book in the fire-proof box in various file formats as well as actual print-outs. This includes all my business contacts, credit card and utility companies, insurance companies, etc. If a fire ever burns my place down, I just need to find that box in the rubble, open it up and start making calls. I think most people could benefit from this regardless of whether or not they’re in IT.


My software documentation usually includes step-by-step instructions for getting back up to speed should disaster strike. I try to document everything as I use it the first time so that documentation isn’t a separate chore. I still have a lot of work to do here but I am definitely making progress.


Well, this weekend, my Fedora Linux box up and died. The power supply keeled over (at the ripe old age of 10 years). When the power failed it corrupted the hard drives because it wouldn’t let me boot back into Linux. So, I had to replace the power supply and then just re-install Linux. I had documentation on all the options to choose during install. I also had docs on installing/configuring Apache, MySQL, PHP, Perl and its modules.


Now, I am far from perfect and there were a few instances where I had to make educated guesses on setups but I was sure to add those into the docs as I went. There’s a kind of recursive nature to disaster recovery. The more disasters you have, the better you get at it I suppose.


The whole install and configuring process took me only about 5 hours. This could have been faster but my Linux box is a Frankenstein, with most parts being pretty old and slow. I was pretty impressed that the whole process only killed one morning.

12.07.2004

Studies: Lost sleep equals gained weight

I've always said that at a certain point, sleep and food are interchangeable. I learned this back in my first run through college during the many sleepless nights I spent studying. I also find the same thing happens when I'm up late programming. If I'm missing a few hours sleep, I try to replace the missed hours of sleep with a full meal. Now, there's a study that proves me right.

Losing sleep can raise levels of hormones linked with appetite and eating behavior, the researchers said... we are finding that people tend to replace reduced sleep with added calories.

So, keep that in mind the next time you're burning the midnight oil.


12.05.2004

It's a bunch of BCS

I wrote a similar diatribe last year on this. Here is an updated version:


I like football. Not-so-much college football because of the constant bickering involved in "who is the best" type discussions. Although, I wish I had paid more attention in my statistics classes in school. I’m trying to understand this whole college football snafu in determining who is actually the number one college team.


I’ve come to the conclusion based on several years of programming experience that there is no mathematical algorithm that can define who is the national champion in college football.


The BCS is quite simply broken beyond repair. It is therefore quite an interesting study in corporate application development.


Looking at the BCS standings from a mathematical standpoint has me just stumped. I tried reading through Colley’s Matrix info but my eyes glazed over. Colley's rankings make up essentially 1/7 of the BCS calculation. In retrospect, I probably started with the wrong part of the BCS calculation, as there seem to be a few simpler methods out there being used.


But Colley makes a good point before he gets to all the mathematical jargon. There are 117 division I-A college football teams that each play about 11 games. Some of them play more than 11. This upsets the rankings. Some of these games may even be against division I-AA teams. This also upsets the rankings. Therefore, the opponents of each team for a season cannot be a statistically viable sample representation of the teams competing since teams compete on multiple skill levels (I-A, I-AA) and for multiple durations. Put another way:


There’s too many teams in college football with too much disparity between them and they don’t all play the same number of games.


The solution? Well, a lot of people want to get rid of the BCS computerized rankings. Some people want to change them to add in margin of victory. Some people want to add an 8 team playoff like in I-AA. (The problem there is how to decide which 8 teams though, so the BCS will again be involved).


This becomes an interesting business problem because this is not a problem that can be solved by throwing more data at it. This is a classic (but wrong) business system approach:


“We don’t think this data is always right. So, we’re going to fix it by throwing more data into it.”


It won’t help if they add certain items like “margin of victory” into the calculations. Any programmer can almost immediately come to the underlying conclusion that there is failure built into the system. The architecture, if you will, for determining the college football national champion will almost never provide a definitive champion. Quite simply, the BCS system is broken and needs to be re-built from the ground up. Much like a malfunctioning application, sometimes you have to know when continual debugging isn’t helping, and be confident enough to design and build a new system.


The solution to all of this BCS nonsense is three-fold.


First, they need to get rid of half the teams in division I-A football. Half of those teams are terrible anyway. Army. Vanderbilt. Western Michigan. Good gravy, my mom and her sewing circle could beat those teams.


Second, every team in the country needs to be in a conference and that conference needs to have a playoff system to determine the winner. Yes, this means you Navy and Notre Dame (if you are ever good again).


Third, you can’t let division I-A teams play division I-AA teams. It screws everything up. The math goes out the window and it is like comparing apples to pineapples.


Or of course, we could just say “who cares” and let those boys just earn a decent education instead of spending all this time, money and effort on trying to weed out the winners from the losers.


But who the hell wants to do that? It’s so un-American.

11.30.2004

sure I look like a follower

I might look like a follower. This is, after all, a blog that I'm starting and everyone is doing that. Some of you may remember the old days of this site. We were blogging before there was such a term. We had a webcam before the words web and camera were combined. We started in the mid 1990's when most of you were still in diapers. Okay, well maybe not most of you, but perhaps some of you.

We didn't call it blogging then, we called it venting. I suppose the premise is the same. Although now I have this fancy software that virtually writes new posts for me.

Anyway, I'm back. Because I have a lot to say. Because I need to vent a lot. Because I <shudder> want to blog.
