A Fortune 500 Blogosphere? Not Yet

Enterprise 2.0 is slowly gaining grounds and you cannot deny it despite top management's neutral position on yet another major "Reengineering of the Corporation". Supply chain management was perhaps among the first departments to really utilize the power of real-time information, and interoperable data standarts -- a mashup-ed ecosystem -- but improving your employees productivity through Web 2.0 tools such as intranet blogs and wikis remains just as unpopular as actual Fortune 500 companies blogging? But how come? Lack of evangelists? Not at all. There's one minor obstacle, you cannot teach an old dog new tricks, unless of course you dedicate extra investments into training him, which is exactly what I feel is happening at the corporate stage - everyone's patiently waiting for the concepts to mature before training and implementation happen for real. What's the current attitude towards external Web 2.0 activities? A Fortune 500 blogosphere isn't emerging as fast as the mainstream one is according to the Fortune 500 Business Blogging Wiki :

"a directory of Fortune 500 companies that have business blogs, defined as: active public blogs by company employees about the company and/or its products. According to our research, 40 (8%) of the Fortune 500 are blogging as of 10/05/06. The navigation sidebar to the right lists all the Fortune 500 companies. The list below are the ones that we've found so far that have public blogs as defined above. Please help us by entering data on those we've missed. ONLY Fortune 500 companies, please. If you're not sure if it's on the F500 list (it includes US companies only), check the sidebar. If it's not there, consider adding it to the Global 1,000 Business Blogging page instead."

I think the main reason behind this are the inevitable channel conflicts that will arise from let's say Pfizer's blogging compared to using the services of their traditional advertising and PR agencies -- I also imagine a links density analysis of their blog indicating the highest % of links pointing to Erowid.org. But ask yourself the following, what if these very same agencies start offering bloggers-for-hire in their portfolio of services, would the big guys get interested then? Or when will they start understanding the ROI of blogging?

Video on Analyzing and Removing Rootkits

Courtesy of WatchGuard part three of their malware analysis series walks you through various commercial and free utilities for detecting and removing rootkits :

"In this episode, Corey and his Magic White Board show how kernel mode rootkits work. Also covered: recommended tools and techniques for detecting and removing rootkits."

Jihadists Using Kaspersky Anti Virus

I wonder what are the low lifes actually protecting themselves from? Malware attacks in principle, or preparing to prevent a malware infection courtesy of an unamed law enforcement agency given their interest in coding malware :

"German police officials have expressed interest in developing software tools to help them surveil computer users who may be involved in crime. The tools might include types of software similar to those used in online fraud and theft schemes, such as programs that record keystrokes, logins and passwords. Security companies, however, are asserting that they wouldn't make exceptions to their software to accommodate, for example, Trojan horse programs planted by law enforcement on users' computers."

This is a very contradictive development that deserves to be much more actively debated around the industry than it is for the time being. Law enforcement agensies and intelligence agencies have always been interested in zero day vulnerabilities and firmware infections, thus gaining a competitive advantage in the silent war. Among the most famous speculations of an intelligence agency using malicious code for offensive purposes is the infamous CIA infection/logicbomb of Russian gas pipeline :

"While there were no physical casualties from the pipeline explosion, there was significant damage to the Soviet economy. Its ultimate bankruptcy, not a bloody battle or nuclear exchange, is what brought the Cold War to an end. In time the Soviets came to understand that they had been stealing bogus technology, but now what were they to do? By implication, every cell of the Soviet leviathan might be infected. They had no way of knowing which equipment was sound, which was bogus. All was suspect, which was the intended endgame for the operation. The faulty software was slipped to the Russians after an agent recruited by the French and dubbed "Farewell" provided a shopping list of Soviet priorities, which focused on stealing Western technology."

Excluding the spy thriller motives, nothing's impossible the impossible just takes a little while, and the same goes for SCADA devices vulnerabilities and on purposely shipping buggy software. Anti virus vendors will get even more pressure trying to protect their customers from not only the malware released by malware authors, but also from the one courtesy of law enforcement agencies. Cyber warfare is here to stay, no doubt about it, but using malware to monitor suspects will perhaps prompt them to keep an eye on the last time their AV software got updated, and still keep pushing the update button in between.

ASCII Art Spam

A spammer's biggest trade off - making it through anti-spam filters doesn't mean the email receipt will even get the slightest chance of understanding what he's about to get scammed with.

"We have seen SPAM using ASCII ART in order to avoid being detected by antispam filters. Most of the times, they try to show different words (Viagra, etc.) using this technique, but this is the first time I have seen them showing a picture. It is not a very high quality one, but I’ve tried it with some different antispam filters and they have been fooled."

Here's an old school ASCII generator you can play around with, and a related image from a previous post on overperforming spammers.