Gone phishing … changing passwords isn’t enough.

I had started writing this piece yesterday on a train journey back from Leeds, and as phishing was mentioned on Radio4 this morning, including @subutchers ‘to the point’ tweet about password strengths being read out, I thought I had better finish it and post.

I felt ‘obliged’ to post something on passwords and phishing as I encourage and support people/organisations to join up to, explore and use twitter for a number of reasons (another blog item there!), as for example at the well received presentation on social media that I and @epaul gave to the Black Country Construction Excellence Club during the week. As a result a good many people have taken  their first steps into the world of twitter.
Also a high number of trusted friends have succumbed to the recent phishing attacks
Phishing is just what it says on the tin, scams and cons to get you to part with your password and twitter account details. And as Su Butcher says the strength of the password is irrelevant if you give it away! Phishers don’t invest in time and effort in cracking your password – they simply ask for it. And get it.
So why do we give it away?
It seems twitter users see the community as a nice friendly place (it hasn’t until recently had the hard core spam that email for example has had) So when a friend suggests a nice application for increasing followers, monitoring twitter influence, testing your IQ,suggesting people you should follow etc, we fall for it and give up our high strength password. And of course re-tweet that we have done so.
In addition there are an ever increasing number of new twitter apps for pc’s mac’s and phones and don’t we just love trying them out? And of course we give our ultra high strength password away.
There are phish scams that offer to clear your tweets up if you have fallen foul to a regular phishing attacks, all you need to do is hand over your new unbreakable password. And it seems tweeters do, again!
As I mentioned in the Black Country to potential twitters: treat your password as though it was your bank account details. Don’t give access to others simple. Or and if you do, change it immediately.
More importantly though is to check and know who you have given access and authority to. You may be surprised – I was and I thought I was ultra careful.
  • Go to the web application for twitter and open your account. (with the far more sophisticated twitter apps available many do not ever go back to the basic web app, this is a mistake as it is here that your account details are held and can be changed)
  • Go to settings
  • Go to connections
  • Here you will see 

    You’ve allowed the following applications to access your account:

  • Revoke access if you have any doubt what so ever.
  • Save
  • Then change password
Do this regularly and don’t visit links in tweets if you have any suspicions at all
But of course phishing is very successful due to the viral re-tweeting of tweets. NEVER re-tweet a link without you have checked it, otherwise you become the phisher!
And if you see someone has been caught, let them know, and refer them to some good advice.

Crumbling Universities graphic

I wonder how this compares with the Displayed Energy Certificates at these universities?

Read the full story from the Guardian @jessshepherd1 here: http://www.guardian.co.uk/news/datablog/2010/feb/16/condition-university-buildings-hefce

#FacilitiesManagement Trends 2010

The Facilities Management market will continue to see a dramatic shift toward multi-service provision in 2010, according to a new market report from MTW Research, with clients following ‘flight to price’ procurement strategies to reduce costs.

Themes include:

Facilities Management market increasingly characterised by closer relationships between suppliers and contractors, as greater efficiencies and lower procurement costs are sought.

Supplier improvement programmes typically include audits in relation to CRM, sustainable procurement and may even include a ‘best practice’ policy to which suppliers are expected to adhere. 

Just over 65% of FM contractors viewed as having either an ‘excellent’ or ‘good’ credit rating, but

11% of the companies active in the Facilities Management market are viewed as being at imminent risk of failure. 


Engineering a low carbon built environment … RAE Paper

We are at the start of a period when the application of building engineering physics will become one of the principal drivers in the construction of new buildings

I need more time to digest this paper, but on a quick scan:
  • Good to see a call for a construction retraining programme… Without urgent action by Government and substantial financial support for education and re-training, the construction industry will be unable to make the necessary step change in carbon emissions performance.
  • I was intrigued to see 3 of the 6 recommendations to government call for more POE (post occupancy evaluations). I think this is a wrong approach. POE's monitor the effectiveness of the design, not the usability and suitablity to the users requirements, ie the way people use the building.
  • The Proposal for alternative façade system looks like a re-engineered Trombe wall
  • A useful directory of passive carbon reduction approaches 
  • A useful treatise on the 'peak oil' Vernacular building types evolved in response to local availability of resources. Only since the mass exploitation of fossil fuels has humankind been free to build resource and energy inefficient buildings.