Up until a few years ago the highest qualification available in Business Administration was the Master of Business Administration (MBA), a highly-valued qualification offered by many major universities. On completion, some students would progress to a Doctor of Philosophy (PhD), but this was seen as a research qualification, rather than something of direct use to practicing managers.

In recent years the qualifications landscape has changed, due to the introduction of a new qualification, the Doctor of Business Administration (DBA). The DBA is a perfect example of a new type of qualification, the Professional or Vocational Doctorate. Professional doctorates are usually awarded in fields where most candidates for the degree are involved in the practice of a profession, rather than carrying out scholarly research. In addition to the DBA, these include EngD (Engineering), EdD (education), DSocSci (Social Science) and nd DClinPsych (Clinical Pychology).

The name of a Professional Doctorate generally specifies the subject area in which it is awarded, rather than the more generic Doctor of Philosophy (PhD), which can be awarded in any subject area. PhD programmes are usually research-based, with no taught content, other than perhaps a few short courses in research methodology. By contrast, Professional Doctorates usually include a year of advanced-level study prior to the research phase. In the case of the DBA, this taught component often focuses on current hot topics, such as entrepreneurship and branding.

The DBA also incorporates a research element, but this tends to be applied research, rather than the scholarly research typical of PhD programmes. Professional doctorates require the submission of a body of original research of a similar length to a PhD thesis. However, this might take the form of a portfolio of technical reports on different research projects, as opposed to a single, long thesis.

Many candidates undertake a DBA on a part-time basis, fitting it around their work commitments. In this case, the research element may be something of direct relevance to their employer and the course may even be sponsored by an employer. A thesis may be jointly supervised by faculty members and company employees.

At present relatively few institutions offer DBA programmes, but the numbers are increasing rapidly and include such well known names as Harvard University and Heriot-Watt University. It remains to be seen whether DBA programmes will come to rival the MBA in popularity, but don’t be surprised when you start hearing prominent businessmen being referred to as “Doctor”.

Social networking sites like Facebook, Bebo and MySpace have soared in popularity over the last few years. They allow users to keep in touch with their friends and make new friends, but they can also expose them to malware and other online danger. As usage of Web 2.0 applications, like blogs, wikis and social networking sites increases, they become more attractive to cyber criminals. Many users of these sites are relatively new to computers and can sometimes be fairly nave regarding online threats.

All of the threats described in this article have now been eliminated by site owners, but new ones will inevitably arise as attackers develop their techniques in response to increased security measures. Social networking sites are attractive targets as their interactive nature allows them to spread threats very quickly. Many of these threats exploit the trust people have in their friends, emphasizing the fact that it is important to treat electronic communications with care, no matter who they appear to be from.

As with other aspects of Internet use, threats fall into two categories: behaviour-based and technology-based.

Behavior-Based Threats

Behaviour-based threats arise largely because users are careless regarding the personal information they share online. This can leave them vulnerable to phishing attacks and identity theft. Users often publish details of their friends, their likes and dislikes, hobbies and jobs, without realizing that this information can be invaluable to identity thieves as it can help them appear more credible.

After carrying out research on a random sample of Facebook users carried out by Sophos, an IT security company, showed that 41% were prepared to give out personal information like as email address, date of birth and phone number to a complete stranger. The researchers created a fictitious Facebook profile for a green plastic frog named Freddi and sent out 200 friend requests to random users all over the planet. 87 of the users contacted replied and 82 of them supplied personal information, like email addresses, date of birth, details about their education or workplace, address and phone number, as well as photos of friends and family and information about partners, hobbies and likes and dislikes.

In 2007 Internet Safety website Get Safe Online found that a quarter of UK social networking users had posted confidential personal information, such as their address or phone number on their social networking profiles. 13% of them had posted information or photos of other people online without their knowledge. This figure increased to a worrying 27% among users aged 18-24.

Social networking sites can be the source of threats other than phishing. Eleven students at a high school near Toronto were suspended after posting comments about their principal on Facebook after the school enforced a district ban on electronic devices and announced it would impose a uniform policy. A school spokesman that the comments posted on Facebook amounted to cyber-bullying and described them as vulgar and profane.

There have been several stories claiming that young girls have been raped by older men who encountered them via MySpace or Facebook, but none of these appear to have been conclusively proved. The real problem is that social networking sites offer an opportunity for men to meet young girls in an unsupervised environment, something which should be of grave concern to parents.

Technology-Based Threats

Social networking sites can also be a source of technology-based threats. They allow millions of users to post content, so it’s fairly inevitable that some of these will be malicious persons attempting to post viruses or spyware.

At the beginning of 2008 more than three million Facebook users were infected with spyware in less than four days. A widget named “Secret Crush” or “My Admirer” is thought to have been downloaded by one and a half million users. It claimed that it would tell users who had a secret crush on them, but actually tricked them into downloading the infamous Zango spyware, which spread by asking unsuspecting users to forward it to five friends.

According to anti-virus vendor Symantec, vulnerabilities which could be used by hackers to snatch control of Windows PCs have been found in a pair of ActiveX controls that both Facebook and MySpace provide to users for uploading images to their pages via Microsoft’s Internet Explorer (IE) browser. The controls are based on an ActiveX control named Image Uploader, produced by Aurigma Inc.

Towards the end of 2005, 19-year old Samy Kamkar wrote a worm that infected more than a million MYSpace users and caused the site to shut down. The Samy worm added a million friends to his profile within a few hours, adding the string “but most of all, Samy is my hero” to each of their profiles. Kamkar was later sentenced to three years probation and made to perform 90 days of community service.

In January 2008 a 17-gigabyte file containing more than half a million pictures obtained from private MySpace profiles appeared on BitTorrent, a well-known peer-to-peer file sharing service. This is biggest privacy breach to date on a social networking site. It was made possible because a security vulnerability, first reported in Autumn 2007, allowed hackers to access the photo galleries of some MySpace users who had set their profiles to private. This is the default setting for users aged under 16. This attack allowed pedophiles and voyeurs to target vulnerable 14- and 15-year-old users.

Brazilian users of Google’s Orkut application were attacked in December 2007 by a worm that attempted to take control of their computers and steal their bank account details. It spread via booby-trapped links placed on the personal page of Orkut users and infected users when they viewed messages that came from friends who had already been exposed.

Google was quick to close the loophole which allowed the attack to take place, but another worm, named Scrapkut, appeared early in 2008. It appeared relatively harmless at first, but it was soon determined that it could intercept the login sessions several Brazilian banking Web sites and replace particular sections with a fake authentication prompt which would capture the users’ logon credentials.

YouTube has also been used indirectly to spread malware. There was a spate of spam messages which asked users to click on an attached YouTube video clip. The link took them to a false YouTube site where they were told that they needed to install Adobe Flash Player to play the video. Clicking the supplied link caused a file called install_flash_player.exe to be downloaded. This is the same name as the real Flash installer, but it actually installed a Trojan known as Trojan-Dropper.W32/Agent.

How Can You Protect Yourself?

We’ve looked at some of the dangers you need to guard against on social networking sites, but what can you do to protect yourself against them? Technology-based attacks can often be repelled by the usual software defenses, ie: anti-virus software can prevent infection by viruses, trojans and worms, and anti-spyware programs can protect you against spyware and adware. A top-quality firewall (remember that the one supplied with Windows XP is fairly basic) can protect you against hackers and Internet safety suites can offer protection against a range of threats.

Behavior-based attacks, which rely on tricking users into behaving unwisely, are harder to deal with as they can only be tackled by a change in user behavior. Get Safe Online provides a number of guidelines for networking safely, including the following:

Don’t let peer pressure persuade you to do something you’re not happy about.

Avoid publishing information which can identify you, eg: phone numbers, pictures of your home, workplace or school, your address, birthday or full name.

Choose a user name that doesn’t include any personal information.

Set up a free email account (eg: Yahoo or GMail) that doesn’t resemble your real name and use that to register and receive mail from the site.

Use a strong password with at least eight characters.

Don’t make comments or post pictures that could prove embarrassing later.

Use the privacy features on the site to control access to your profile.

Watch out for phishing scams.

If you ensure that your software defenses are strong and up-to-date and follow the above guidelines you should be able to enjoy surfing on social networking sites without problems.

Parents of young children should ensure that they are not allowed access to the Internet in an unsupervised environment. Even with older children they should try to keep an eye on their Facebook or MySpace profiles and watch out for any changes in behavior which may indicate that they are encountering online problems.