I'm director of e-commerce for a band in out of Ann Arbor, MI called Tally Hall.
We use a five-pronged attack to establishing an online presence and it's raised our site's traffic from an avg 200/day two months ago to over 25,000/day now.
Don't want to give away all our secrets but here are a few crucial points of advice:
1) Give away mp3s free. As Microsoft gave MS-DOS away free when it initially emerged, it helps the product spread across the globe much faster than being a stickler for CD sales. A lot of bands are concerned giving free mp3s will reduce CD sales, in fact it's just the opposite. Yes, there are a minority that might not buy a CD once their mp3 is free, but it's been our experience that CD sales went through the roof as we released mp3s free and exposed the music to a wider audience.
3) Sign up at sites like myspace.com and acquire fans/listeners/feedback on your music free. We've earned nearly 25k fans through myspace.com alone
4) Penetrate the blogosphere. One person writes about your music and likes it, next thing you know you've got referral traffic coming from over 1,600 different blogs (or at least that's been our experience).
5) Just keep pushing. Three months ago almost no one heard of Tally Hall. Now they're scouted by some of the largest labels around. Starting as just a college band with a small fan base in Ann Arbor, our internet strategy's led us to acquire over 100k new fans in just a few months. When you first start it'll be very slow, but like a snowball pushed down a hill it will eventually grow enough momentum to soar on its own.
This is all assuming there is an audience for your music.
If I may bring something everyone's attention as a network security consultant:
According to the 2004 FBI/CSI Computer Crime and Security Survey, 53% of polled corporations, government agencies, financial institutions, medical institutions, and universities detected computer security breaches within the last twelve months.
To speak as if network security is some simple line item an organization would check-off and pay if they "cared" about their customers is utterly ignorant. Yes, there are thousands more organizations getting hacked all the time, losing their customer's information, and you never hear about it. I've done network forensics for three Michigan organizations that have been hacked already this year, and none of them told me "Hey by the way, please take this to the press and let everyone know we got hacked."
The bottom line is this: No network is 100% secure. Security is not some line item that can be paid for when an organization "cares" about their customers. To speak as though any organization that gets hacked must have been negligent only exposes your ignorance on the topic.
True, too many organizations purchase firewalls and IDS and think they're secure. Organizations need to learn security is a process. Not a product.
It's interesting how everyone is so quick to assume this was a major act of negligence on the part of the company in question. PayMaxx, ChoicePoint, whoever's next.
As a network security consultant may I'd like to point something out: No network is 100% secure. According to the 2004 FBI/CSI Computer Crime and Security Survey, 53% of polled corporations, government agencies, financial institutions, medical institutions, and universities detected computer security breaches within the last twelve months.
If we're naive enough to think PayMaxx and ChoicePoint are the only companies who have let millions of SSNs slip we're dead wrong. Oakland University was utterly hacked three months ago. Shortly after, a research server at UC Berkeley was hacked and lost a few more million SSNs.
Network security is not some simple line item that an organization can pay to show "due diligence". No matter how many firewalls, high-end intrusion prevension systems, and encryption ciphers people deploy on their networks one thing holds true: prevention eventually fails, & the best you can do is 1) try to prevent it, 2) be prepared to deal with it when it happens.
As the network security goes, "It's no longer a question of if you'll get hacked. It's when."
For those of you who would prefer actually making some $ off that phone you paid for instead of giving it to these 'creative gents' who will paint it like a flower and drop it in a pot there is actually a company that will buy your old phones from you.
See: www.thewirelesssource.com
- Don't throw your old phones out.
- Don't paint them like flowers and leave them in a pot.
- Make money selling them to a refurbisher who can then distribute it to someone who will appreciate it.
The old saying stands:
One man's trash is another man's treasure.
First, my apologies to the Honeynet Project (http://project.honeynet.org), the Distibuted Honeypot Project (http://www.lucidic.net), and everyone else who does research in the field of honeynets for releasing a paper which revealed the identity of the hackers involves, as this clearly doesn't fall into the scope of releasing a good whitepaper on the topic.
Second, my sincerest apologies to the two hackers who compromised my honeypot. I went through and tried to conceal the identity of the two hackers involved, but it's true I knew they could still be traced by searching google's cache for pretty much any sentence on the cached page I displayed. I had no intention of revealing their identities, and it's clear I thoroughly overestimated the level of maturity of my target audience.
To be completely honest, I would rather have never had this article featured on deadly.org and/. if I had known ahead of time how badly the two hackers personal information would be exploited.
To those people who read this, please stop bugging the hackers involved. They appear to be nothing more than innocent (and slightly unwise) kids. Let's grow up for a minute here for their sake.
It can't be all bad, because after all they did hack a honeypot... so I guess there's a moral to be learned with this story, but please don't take their humiliation any farther than it's already gone.
I'm honored my whitepaper was featured on these great websites, and I hate to feel like I'm crashing the party... but I can't help but feel bad for the poor hackers involved.
With utmost sincerity, Michael Anuzis
Slashdot Mirror
Is "Fantasy Mission Force," an old Jackie Chan film.
If you're ever in the mood to pull your hair out and you're just looking for a reason, rent this movie.
Two commercial solutions can do it no problem:
1) CSA ( Cisco Security Agent)
2) Tablus (www.tablus.com)
Tablus can also disable CD-R, copy/pasting, printing, screenshots, all sorts of other things.
I'm director of e-commerce for a band in out of Ann Arbor, MI called Tally Hall.
We use a five-pronged attack to establishing an online presence and it's raised our site's traffic from an avg 200/day two months ago to over 25,000/day now.
Don't want to give away all our secrets but here are a few crucial points of advice:
1) Give away mp3s free. As Microsoft gave MS-DOS away free when it initially emerged, it helps the product spread across the globe much faster than being a stickler for CD sales. A lot of bands are concerned giving free mp3s will reduce CD sales, in fact it's just the opposite. Yes, there are a minority that might not buy a CD once their mp3 is free, but it's been our experience that CD sales went through the roof as we released mp3s free and exposed the music to a wider audience.
2) If you've got a music video, see if you can get it featured on a huge site like http://www.albinoblacksheep.com/video/bananaman
3) Sign up at sites like myspace.com and acquire fans/listeners/feedback on your music free. We've earned nearly 25k fans through myspace.com alone
4) Penetrate the blogosphere. One person writes about your music and likes it, next thing you know you've got referral traffic coming from over 1,600 different blogs (or at least that's been our experience).
5) Just keep pushing. Three months ago almost no one heard of Tally Hall. Now they're scouted by some of the largest labels around. Starting as just a college band with a small fan base in Ann Arbor, our internet strategy's led us to acquire over 100k new fans in just a few months. When you first start it'll be very slow, but like a snowball pushed down a hill it will eventually grow enough momentum to soar on its own.
This is all assuming there is an audience for your music.
Best of luck.
-Michael
There is a profound difference between a Debian command line and DOS.
I feel most productive in DOS.
According to the 2004 FBI/CSI Computer Crime and Security Survey, 53% of polled corporations, government agencies, financial institutions, medical institutions, and universities detected computer security breaches within the last twelve months.
To speak as if network security is some simple line item an organization would check-off and pay if they "cared" about their customers is utterly ignorant. Yes, there are thousands more organizations getting hacked all the time, losing their customer's information, and you never hear about it. I've done network forensics for three Michigan organizations that have been hacked already this year, and none of them told me "Hey by the way, please take this to the press and let everyone know we got hacked."
The bottom line is this: No network is 100% secure. Security is not some line item that can be paid for when an organization "cares" about their customers. To speak as though any organization that gets hacked must have been negligent only exposes your ignorance on the topic.
True, too many organizations purchase firewalls and IDS and think they're secure. Organizations need to learn security is a process. Not a product.
That's where security consultants provide value.
It's interesting how everyone is so quick to assume this was a major act of negligence on the part of the company in question. PayMaxx, ChoicePoint, whoever's next. As a network security consultant may I'd like to point something out: No network is 100% secure. According to the 2004 FBI/CSI Computer Crime and Security Survey, 53% of polled corporations, government agencies, financial institutions, medical institutions, and universities detected computer security breaches within the last twelve months. If we're naive enough to think PayMaxx and ChoicePoint are the only companies who have let millions of SSNs slip we're dead wrong. Oakland University was utterly hacked three months ago. Shortly after, a research server at UC Berkeley was hacked and lost a few more million SSNs. Network security is not some simple line item that an organization can pay to show "due diligence". No matter how many firewalls, high-end intrusion prevension systems, and encryption ciphers people deploy on their networks one thing holds true: prevention eventually fails, & the best you can do is 1) try to prevent it, 2) be prepared to deal with it when it happens. As the network security goes, "It's no longer a question of if you'll get hacked. It's when."
For those of you who would prefer actually making some $ off that phone you paid for instead of giving it to these 'creative gents' who will paint it like a flower and drop it in a pot there is actually a company that will buy your old phones from you. See: www.thewirelesssource.com - Don't throw your old phones out. - Don't paint them like flowers and leave them in a pot. - Make money selling them to a refurbisher who can then distribute it to someone who will appreciate it. The old saying stands: One man's trash is another man's treasure.
For those interested the site the whitepaper was on has been temporarily disabled by the web hosting company due to too much traffic.
Another copy of the whitepaper is available at:
http://www.anuzisnetworking.com/whitepapers/
And to verify, yes it was in fact me who posted the above apology. --Michael Anuzis
First, my apologies to the Honeynet Project (http://project.honeynet.org), the Distibuted Honeypot Project (http://www.lucidic.net), and everyone else who does research in the field of honeynets for releasing a paper which revealed the identity of the hackers involves, as this clearly doesn't fall into the scope of releasing a good whitepaper on the topic. Second, my sincerest apologies to the two hackers who compromised my honeypot. I went through and tried to conceal the identity of the two hackers involved, but it's true I knew they could still be traced by searching google's cache for pretty much any sentence on the cached page I displayed. I had no intention of revealing their identities, and it's clear I thoroughly overestimated the level of maturity of my target audience. To be completely honest, I would rather have never had this article featured on deadly.org and /. if I had known ahead of time how badly the two hackers personal information would be exploited.
To those people who read this, please stop bugging the hackers involved. They appear to be nothing more than innocent (and slightly unwise) kids. Let's grow up for a minute here for their sake.
It can't be all bad, because after all they did hack a honeypot... so I guess there's a moral to be learned with this story, but please don't take their humiliation any farther than it's already gone.
I'm honored my whitepaper was featured on these great websites, and I hate to feel like I'm crashing the party... but I can't help but feel bad for the poor hackers involved.
With utmost sincerity, Michael Anuzis