Mike Fratto

Network Computing Editor



Follow Amazon Example In User Account Management

The other day my wife received an email from Amazon.com saying that her account name, and possibly her password, was found on a website and the information might be real. Amazon wasn't breached. The list of accounts was one of 67,000 released by Lulzsec, and some of them seem to have come from another site unrelated to Amazon.com that she was registered with. Since users tend to re-use passwords, Amazon customer service sent an alert. Unlike other alerts and regular customer communication from other companies, this email didn’t contain any links but did tell her to enter www.amazon.com into her browser and then how to reset her password. That is the proper and safe way to notify users and have them change a password. More companies should follow Amazon’s lead.

User account management and outreach are an important part of any organization's customer service efforts. For many years, banks, insurance companies and other organizations that manage sensitive customer information have largely done their users a disservice by using links in emails. While they are trying to be helpful by providing links, the critical side effect is that users get used to clicking on them, and that is one way, of many, of facilitating phishing. Users get used to clicking on links in emails that look legitimate (even with horrible misspellings). Phishers use that knowledge, plus various techniques, to hide malicious URLs behind HTML anchor tags.

If you work for a company that interacts with customers, do your customers a favor and stop sending emails with links in them. Rather, examine your customer service processes for account management and make them easy (but secure!) to use. Then, create your email templates telling customers to enter the URL in a browser and take the following steps to manage their accounts. If customers complain, and some will, tell them why you are doing so. They’ll get it, and you will have done one small but effective thing to slow the success of phishing.
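One way to enforce a no-links policy on outbound customer email is to lint each HTML template before it ships. The check below is an added example, not code from the original column or from Amazon; the function names, sample templates and `.test` hostnames are constructed for illustration. It reports every clickable anchor and separately marks anchors whose visible text names a different host than the `href`.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkAudit(HTMLParser):
    """Collect every <a> in an HTML email body with its href and visible text."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links = []    # [href, visible_text] per anchor
        self._open = None  # index of the anchor currently being read

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href") or ""
            self.links.append([href.strip(), ""])
            self._open = len(self.links) - 1

    def handle_endtag(self, tag):
        if tag == "a":
            self._open = None

    def handle_data(self, data):
        if self._open is not None:
            self.links[self._open][1] += data

def _host(value):
    """Lower-cased host of a URL or URL-looking string; '' if there is none."""
    value = value.strip()
    try:
        return (urlsplit(value if "://" in value else "//" + value).hostname or "").lower()
    except ValueError:
        return ""

def audit_template(html):
    """Return (kind, text, href) for each anchor; an empty list means no links."""
    parser = LinkAudit()
    parser.feed(html)
    parser.close()
    findings = []
    for href, text in parser.links:
        text = " ".join(text.split())
        shown = _host(text) if " " not in text else ""
        # Exact host comparison: text that looks like a URL must match the href host.
        kind = "MISMATCH" if "." in shown and shown != _host(href) else "LINK"
        findings.append((kind, text, href))
    return findings

# Constructed sample templates (hypothetical shop, reserved .test names).
PLAIN = "<p>Type www.example-shop.test into your browser, then choose Change Password.</p>"
LINKED = '<p><a href="https://www.example-shop.test/reset">Reset your password</a></p>'
MISMATCHED = '<p><a href="http://login.example-other.test/r">www.example-shop.test</a></p>'
```

A template passes only when `audit_template` returns an empty list; any `LINK` or `MISMATCH` finding fails the build.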

I tell everyone I know not to click on links in emails, regardless of how legitimate the email looks. If they are telling you to do something, then type the URL in your browser or use a bookmark. If the email is legitimate, then you can always verify that by going to the website directly. Yes, it is slightly less convenient to click a bookmark or type in a URL, but it’s better than having your account credentials stolen.

I also encourage everyone to use a password manager and not re-use passwords across sites. This is slightly harder to do in practice, since it requires extra effort and you have to protect the password manager database, but the benefit is that, if one account is stolen, attackers can’t use one password to get in everywhere. There were a number of Tweets, unverified, of people using the account information in the posted password file to access a number of sites and change the information of victims.

I’d like to thank whoever at Amazon took the initiative to get the list, run a comparison of account names against Amazon’s customer list, and then notify customers of a potential problem.

Mike Fratto is editor of Network Computing. You can email him, follow him on Twitter, or join the Network Computing group on LinkedIn. He's not as grumpy as he seems.

