Archive for February 28, 2011

Riskiest Social Media Apps

DarkReading has a report from Seattle-based network security vendor WatchGuard which says that the fastest growing threat to corporate networks is web-based social media applications. The WatchGuard security researchers claim that social media applications can seriously compromise network security, expose sensitive data, and create productivity drains on employees.

There are many reasons why social media applications can pose a risk to businesses of any size. WatchGuard noted that productivity and data loss are major risks for organizations of all sizes. Social media sites also serve as malware and attack vectors. Social networks will become the leading malware vector over the next few years for three reasons:

  • Social media sites breed a culture of trust. The whole point of social media is to interact with others. Typically interactions are with people considered to be “friends”, which implies trust. Meanwhile, social media sites do not have any technical means to confirm that the people you are interacting with really are who they say they are. This environment of trust creates an ideal scenario for social engineers to use.
  • Many social media sites suffer from technical vulnerabilities. While Web 2.0 technologies offer many benefits, they also harbor many security vulnerabilities. The complexity of Web 2.0 applications can lead to imperfect code, which introduces some social network sites to Web application vulnerabilities, such as SQL injection and cross-site scripting (XSS) attacks. Furthermore, the concept of allowing untrusted users to push content onto social media sites conflicts with traditional security paradigms. Simply put, this means social media sites are more likely to suffer from web vulnerabilities than less complex and less interactive websites.
  • Hugely popular. According to online analytics firm, Compete, Facebook is now the 2nd most popular Web destination after Google. Many other social networks, such as Twitter and YouTube, follow closely behind. The popularity of social networks attracts attackers because they know it means that they can get a “return on investment” for their attacks.

For these reasons, WatchGuard researchers deemed the following applications the riskiest:

1. Facebook is the most dangerous social media site, largely based upon its popularity, according to WatchGuard. With a 500+ million user following, Facebook offers a fertile attack surface for hackers. Add in the potential technical concerns, such as a questionable, open App API, and now you have a recipe for disaster.

2. Twitter: many incorrectly assume that very little damage could be done in 140 characters. Twitter’s short-form posts lead to new vulnerabilities such as URL shorteners, which can help hackers hide malicious links. Twitter also suffers from Web 2.0 and API-related vulnerabilities that allow various attacks and Twitter worms to propagate among its users.

3. YouTube attracts attackers because it is one of the most popular online video sites. Hackers often create malicious web pages that masquerade as YouTube video pages. Additionally, attackers like to spam the comment section of YouTube videos with malicious links.

4. LinkedIn bears more burden than other social media sites; it is business-oriented. Thus, it makes a more attractive target to attackers, as LinkedIn is highly trusted. Because most users leverage LinkedIn to form business relationships or find jobs, they tend to post more valuable and potentially sensitive information to this social network.

5. 4chan is a popular imageboard, a social media site where users post images and comments. 4chan has been involved in many Internet attacks attributed to “anonymous,” which is the only username that all 4chan users can get. Some of 4chan’s image boards contain the worst depravities found on the Internet. Many hackers spam their malware to the 4chan forums.

6. Chatroulette allows webcam owners to connect and chat with random people. The nature of this anonymous webcam system makes it a likely target for Internet predators.

rb-

I have written about social media risks since 2009, yet many organizations still do not have a social media policy.  Why take the chances?

Does your organization have a social media policy?

Does anybody actually allow 4Chan or Chatroulette?

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

College Education Bubble

Updated 03-19-2011: The Business Insider says that It’s Stupid To Go To Harvard — You’ll Do Better As A Plumber. According to the article, Princeton University shows that expensive college degrees are not necessarily worth the lofty price tags in the long run when you take into account one’s natural ability.

The Business Insider noted the price of a college education, versus the CPI, has sky-rocketed since 1980. The cost of college has outpaced the housing bubble, with many of the same characteristics, including a government-sponsored credit bubble.  The value per dollar spent on an American college education is declining because of competitive quality concerns especially when compared to China.

College cost increased faster than housing

The story seems oddly familiar. During any bubble, the buyers think what they’re buying will appreciate in value, making them rich in the future. The product grows more and more elaborate, and more and more expensive, but the cost is offset by cheap credit provided by sellers eager to encourage buyers to buy. Buyers see that everyone else is taking on mounds of debt, and so are more comfortable when they do so themselves; besides, for a generation, the value of what they’re buying has gone up steadily. What could go wrong? Everything continues smoothly until, at some point, it doesn’t.

Are we talking about the housing market or the higher ed market? Yes

In an Op/Ed piece in the Washington Examiner, Glenn Harlan Reynolds, a professor of law at the University of Tennessee, explains that college has gotten a lot more expensive. The professor cites a Money magazine report, “After adjusting for financial aid, the amount families pay for college has skyrocketed 439 percent since 1982. … Normal supply and demand can’t begin to explain cost increases of this magnitude.” Based on those facts, Mr. Reynolds says consumers would balk at paying for higher ed except for two things.

First — as with the housing bubble — cheap and readily available credit has let people borrow to finance education. They’re willing to do so because of (1) consumer ignorance, as students (and, often, their parents) don’t fully grasp just how harsh the impact of student loan payments will be after graduation; and (2) a belief that, whatever the cost, a college education is a necessary ticket to future prosperity.

Mr. Reynolds concludes, “Bubbles burst when people catch on and there are no longer enough excessively optimistic and ignorant folks to fuel them. There’s some evidence that people are beginning to catch on.” The Washington Examiner says that student loan demand is going soft, and students are expressing a willingness to go to a cheaper school rather than run up debt. The Washington Post reports that one-quarter of students who took out federal loans to attend for-profit colleges defaulted within three years of starting repayment, according to a new federal analysis. Things haven’t collapsed yet, but they’re looking like the housing market looked in 2007. So what happens if the bubble collapses? Will it be a tragedy, with millions of Americans losing their path to higher-paying jobs?

Maybe not. College is often described as a path to prosperity, but is it? A college education can help people make more money in three different ways.

  1. It may actually make them more economically productive by teaching them skills valued in the workplace: Computer programming, nursing, or engineering.
  2. It may provide a credential that employers want, not because it represents real skills, but because it’s a weeding tool that doesn’t produce civil-rights suits as, say, IQ tests might. A four-year college degree, even if its holder acquired no actual skills, at least indicates some ability to show up on time and work as instructed.
  3. A college degree, at least an elite one, may hook its holder up with a useful social network that can provide jobs and opportunities in the future.

While an individual might rationally pursue all three of these, the professor says that only the first one, actually added skills, produces a net benefit for society. The other two are just distributional, about who gets the goodies, not about making more of them. Yet today’s college education system seems to be in the business of selling parts two and three to a much greater degree than part one, along with selling the even-harder-to-quantify “college experience,” which as often as not boils down to “four (or more) years of partying.”

Just in case there are any doubts that the higher-ed market is broken, the cost of higher ed has outpaced even the totally dysfunctional healthcare market.

Tuition costs soar

rb-

In the aftermath of the bubble bursting, higher-ed will have to change. As we have seen in the housing bubble, industries do not reform themselves (and the government doesn’t care). If you’re planning on applying to college, watch out for those student loans. Unlike a bad mortgage on an underwater house, students can’t simply walk away from their student loans and they cannot be expunged in bankruptcy. Student loans are a financial trap.

In a mature industry like higher education, real competition usually comes from the outside. The next educational revolution will be on the internet, online coursework, and the work of “edupunks

Are you taking online classes to save cash?


The Value of Stolen Credentials

The evolution of Web 2.0 services and the parallel world of cybercrime is driving up the value of stolen credentials. That is the price that criminals charge each other for stolen user login information. The price of a file of user credentials, aka a ‘dump’, depends on the Internet service(s) where they can be used, Amichai Shulman, CTO of Imperva, told Help Net Security.

Imperva CTO Shulman told Net Security, “Just five years ago, the illegal trade in credit card details was a rising problem for the financial services industry, as well as their customers, with platinum and corporate cards being highly prized by the fraudsters … there are reports of Twitter credentials changing hands for up to $1,000 owing to the revenue generation that is possible from a Web 2.0 services account. This confirms our observations that credentials can fetch a high sum according to both the popularity of the application and the popularity of the account in question.”

The value of stolen credentials

This is illustrated by the ‘going rate’ of $1.50 for a Hotmail account, and $80.00-plus for a Gmail account. As a service, Hotmail has fallen out of favor, while Gmail’s all-around flexibility means it is a central service for business users, Mr. Shulman said. The result is that Gmail credentials can also give access to a range of Google cloud services. The vulnerable services include Google Docs and AdWords accounts. Mr. Shulman explained that Google Docs can contain valuable additional information on the legitimate owner. Furthermore, an AdWords account can allow criminals to manipulate existing and trusted search engine results.

It is a similar story with Twitter accounts, with the added dimension of the immediacy of a social networking connection, said Mr. Shulman. “Twitter accounts are so valuable to criminals that they will use almost any technique to harvest user credentials, including targeted phishing attacks. Once a fraudster gains access to a Twitter account, they can misuse it in a variety of ways to further their fraudulent activities,” he said. This happens because users are reusing passwords on other sites. Some of those other sites turn out to have not been secure.

That’s the thing; as soon as any of the sites you log in to gets compromised, the email address or username and password associated with it can be tried by the bad guy on various other services. Since most people re-use passwords, there’s a high likelihood that they will gain access to your account. From there, who knows what kind of damage they might cause. If you’re lucky, you’ll notice something’s amiss. Twitter advised that people are continuing to use the same email address and password (or a variant) on multiple sites. We strongly suggest that you use different passwords for each service you sign up for.

Stolen online banking credentials

In a related article, Trusteer reports that most online banking customers reuse their login credentials on non-financial websites. Trusteer found that 73% of bank customers use their banking account passwords to access much less secure websites. They also found that 47% use both their online banking user ID and password to log in elsewhere on the Internet.

Cybercriminals are exploiting the widespread reuse of online banking credentials. These criminals have devised various methods to harvest login credentials from less secure sources, such as webmail and social network websites. Once acquired, these usernames and passwords are tested on financial services sites to commit fraud.

The report’s key findings include:

  • 73% of users share the passwords which they use for online banking, with at least one nonfinancial website.
  • 47% of users share both their user ID and password with at least one nonfinancial website.
  • When a bank allows users to choose their own user ID, 65% of users share this ID with nonfinancial websites.
  • When a bank chooses the user ID for its customers, 42% use the bank-issued user ID with at least one other website.

“Using stolen credentials remains the easiest way for criminals to bypass the security measures implemented by banks to protect their online applications, so we wanted to see how often users repurpose their financial service usernames and passwords,” said Amit Klein, CTO of Trusteer and head of the company’s research organization. “Our findings were very surprising, and reveal that consumers are not aware, or are choosing to ignore, the security implications of reusing their banking credentials on multiple websites.”

“If this isn’t a wake-up call to anyone with multiple IDs that use the same password, I don’t know what is. Internet users – especially those with business accounts – need to use different passwords for different services, or they could face the disastrous consequences of taking a slack approach to their credentials,” Shulman told Help Net Security.

 


Apple Disrupts Mobile PC Market

Apple is riding a wave of success now and is disrupting the mobile PC market for its competition. KPCB says that social networking will drive the mobile PC market for the rest of this decade. Facebook has 662 million users and Twitter has 253 million users, numbers which will continue to grow. TechEYE points out that mobile products now have more processing power, improved user interfaces, and lower prices, meaning that there are now ten times more mobile devices globally than a decade ago.

TechEYE says that the link between social networking and mobile devices can be seen clearly in the Japanese market, where access to social networking sites has generally risen while the number of people accessing them from a traditional PC has steadily decreased, with 85 percent of users accessing sites from mobile devices in the last quarter of 2010.

Surging iPad shipments have propelled Apple (AAPL) to a 17.2% share of the global mobile PC market. ITnewsLink reports that this puts Apple at the top of the Q4’10 DisplaySearch market share ranking of worldwide mobile PC shipments. The preliminary results from the Quarterly Mobile PC Shipment and Forecast Report say Apple shipped more than 10.2 million notebook and tablet PCs combined. This was nearly a million more units than HP in Q4’10. ITnewsLink quotes Richard Shim, Senior Analyst at DisplaySearch, on Apple’s success.

“While we anticipate increased competition in the tablet PC market later this year with the introduction of Android Honeycomb-based tablets, Apple’s iPad business is complementing a notebook line whose shipments widely exceed the industry average growth rate. Apple is currently benefiting from significant and comprehensive growth from both sectors of the mobile PC spectrum, notebooks and tablet PCs. Cannibalization seems limited at this point.”

The top five brands in the mobile PC market Q4’10 are:

  1. Apple
  2. HP (HPQ)
  3. Acer (2353)
  4. Dell (DELL)
  5. Toshiba (TOSBF)

The top five brands accounted for 65.4% of the total mobile PC market. In Q4’10, worldwide mobile PC shipments (including tablet PCs) reached 59.6 million units according to DisplaySearch.

The drive to keep up with the Jobs’s will cause supply chain disruptions for Apple’s mobile PC competition, TechEYE says. DigiTimes reports that supplies of notebook components are running short, including CMOS image sensors, chassis, batteries, and LEDs. TechEYE sources report that touchpads are suffering the most serious shortage as a result of Apple hogging the supply from manufacturers such as Wintek and TPK. Reports are that Apple has reserved 60% of global touchpad production capacity. RIM (RIMM), Motorola (MMI), HP, HTC, Samsung, LG, and Dell now all have to fight it out for the remaining 40% of touchpads.

TechEYE predicts that panels will be like gold dust. Bob Raikes, Managing Director at Meko, the European display market research specialist, told TechEye, “Touch technology also tended to limit the visual quality of the display … Then Apple’s iPhone started to use projected capacitive touch technology, which didn’t degrade the image and allowed a new level of user experience.”

In the last year, there has been a huge swing to use projected capacitive technology in high volume portable devices, and the supply chain has struggled to catch up.  Chunghwa Picture Tubes is teaming up with Compal, one of the biggest manufacturers of laptops for multinationals, to piece together a business in touch panel glass. Compal recognizes that tablets are here to drain the world of its glass supplies and wants to capitalize.

rb-

Looks like Steve Jobs is at it again. In the past, Apple bought up flash memory stores to secure an advantage for their iPod  MP3 players. You have to imagine that the rest of the tablet field is none too pleased with Apple’s tactics.

What do you think?

Do you use a tablet?


The Demise of Twitter

The troubles with Twitter started long ago. UK-based researcher Conquest released a report on the social media habits of 16-24-year-olds. The online research, conducted during January 2011, documents Facebook’s domination of social media and YouTube’s close second place. The Conquest research says that Facebook is the principal means of social and commercial engagement for the 16-24-year-old market. FB out-ranks telephone, email and even going out.

“Project Chatter” also found that regular Facebook users (91% of the sample) check their accounts over six times a day. 30% are on the site for over an hour a time. Meanwhile, YouTube is the major conduit for music browsing, consumption, and sharing in this age group. In contrast, 56% of Tweeters claim their activity is dwindling with an average site visit lasting five minutes.

Social media activities

Conquest says that social media for this age group has become the central means of staying up to date and engaging with peers, showcasing oneself, ‘chatting’, ‘liking’, consuming music, videos, and TV, following celebrities, and brands, etc. This group tends to rely on social media to message contacts, increasingly shunning email and telephone. Conquest also spotted a disturbing trend with a significant 20% preferring to meet online than in person.

The dominant site for browsing videos and discovering and sharing music and videos is YouTube. Conquest sees Twitter usage declining among 16-24-year-olds in the future: 20% anticipate using the micro-network less in the next year. 20% of Twitter users told the pollsters that they expected to use the micro-blogging site less in the next 12 months. Facebook users reported a lower expected drop-off rate of 13% after 12 months.

In addition, out of the 42% of the 16-24-year-olds interviewed who had used Twitter, more than half (56%) said they used it a little, or a lot less often, or never made active use of the site after visiting it. In an interview with Contagious, David Penn, Conquest’s marketing director, said:

‘Facebook is used for writing on walls, sharing photos, checking what friends are doing and keeping in contact. It is the most social site of the lot, whereas Twitter is often used for following celebrities and is not really social in that sense. It is almost more of a broadcast medium than an interactive and social one.’

Mr. Penn told Brand Republic that Twitter has peaked among the younger demographic and warned it “may undergo a gradual decline echoing the fate of Myspace and Bebo in internet Siberia”.

rb-

Declining usage by 16-24-year-olds and 60% of users dropping off after the first month doesn’t seem like a good way to support a Wall Street $10 Billion dollar valuation on Twitter. I agree with the Conquest study that Twitter is the least social of the social media’s. I am on Twitter because others are on it, not because there is anything exciting for me.

Twitter has not done its IPO yet, maybe they know there is a problem with their business model. If their IPO flops will that be the start of dot.Bomb 2.0?

What do you think?

Is Twitter destined for “Internet Siberia”?

Will a failed social media IPO cause another Dot.Bomb?

 
