Archive for Social Networking

Riskiest Social Media Apps

DarkReading has a report from Seattle-based network security vendor WatchGuard which says that the fastest-growing threat to corporate networks is web-based social media applications. WatchGuard's security researchers claim that social media applications can seriously compromise network security, expose sensitive data, and drain employee productivity.

There are many reasons why social media applications pose a risk to a business of any size. WatchGuard noted that productivity and data loss are major risks for organizations of all sizes, and that social media sites also serve as malware and attack vectors. WatchGuard predicts that social networks will become the leading malware vector over the next few years, for three reasons:

  • Social media sites breed a culture of trust. The whole point of social media is to interact with others, typically with people considered “friends”, which implies trust. Meanwhile, social media sites have no technical means to confirm that the people you interact with really are who they say they are. That environment of trust is an ideal setting for social engineers.
  • Many social media sites suffer from technical vulnerabilities. While Web 2.0 technologies offer many benefits, they also harbor many security weaknesses. The complexity of Web 2.0 applications leads to imperfect code, which exposes some social network sites to web application vulnerabilities such as SQL injection and cross-site scripting (XSS). Furthermore, letting untrusted users push content onto a site conflicts with traditional security paradigms. Simply put, social media sites are more likely to suffer from web vulnerabilities than less complex, less interactive websites.
  • Hugely popular. According to the online analytics firm Compete, Facebook is now the second most popular web destination after Google, and other social networks such as Twitter and YouTube follow closely behind. Popularity attracts attackers because it guarantees a “return on investment” for their attacks.

For these reasons, WatchGuard researchers deemed the following applications the riskiest:

1. Facebook is the most dangerous social media site, largely because of its popularity, according to WatchGuard. With a 500+ million user base, Facebook offers a fertile attack surface. Add in technical concerns such as a permissive, open application API and you have a recipe for disaster.

2. Twitter. Many incorrectly assume that very little damage can be done in 140 characters. Twitter's short-form posts have made URL shorteners ubiquitous, and shorteners help attackers hide malicious links behind an opaque address. Twitter also suffers from Web 2.0 and API-related vulnerabilities that allow various attacks and Twitter worms to propagate among its users.

3. YouTube attracts attackers because it is one of the most popular online video sites. Attackers often create malicious web pages that masquerade as YouTube video pages, and they spam the comment sections of YouTube videos with malicious links.

4. LinkedIn carries a heavier burden than other social media sites because it is business-oriented. That makes it a more attractive target, since LinkedIn is highly trusted. Because most users rely on LinkedIn to form business relationships or find jobs, they tend to post more valuable and potentially sensitive information there.

5. 4chan is a popular imageboard, a social media site where users post images and comments. 4chan has been involved in many Internet attacks attributed to “Anonymous”, which is also the default name every 4chan poster appears under. Some of 4chan's boards contain the worst depravities found on the Internet, and attackers spread malware through them.

6. Chatroulette allows webcam owners to connect and chat with random people. The nature of this anonymous webcam system makes it a likely haunt for Internet predators.

rb-

I have written about social media risks since 2009, yet many organizations still do not have a social media policy. Why take the chance?

Does your organization have a social media policy?

Does anybody actually allow 4Chan or Chatroulette?

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

The Demise of Twitter

The troubles with Twitter started long ago. UK-based research firm Conquest released a report on the social media habits of 16-24-year-olds. The online research, conducted during January 2011, documents Facebook's domination of social media and YouTube's close second place. Conquest says that Facebook is the principal means of social and commercial engagement for the 16-24-year-old market; it out-ranks telephone, email and even going out.

Conquest's “Project Chatter” also found that regular Facebook users (91% of the sample) check their accounts over six times a day, and 30% are on the site for over an hour at a time. Meanwhile, YouTube is the major conduit for music browsing, consumption, and sharing in this age group. In contrast, 56% of Tweeters claim their activity is dwindling, with an average site visit lasting five minutes.

Social media activities

Conquest says that social media for this age group has become the central means of staying up to date and engaging with peers, showcasing oneself, ‘chatting’, ‘liking’, consuming music, videos, and TV, following celebrities and brands, and so on. This group tends to rely on social media to message contacts, increasingly shunning email and telephone. Conquest also spotted a disturbing trend: a significant 20% prefer to meet online rather than in person.

The dominant site for browsing videos and for discovering and sharing music is YouTube. Conquest sees Twitter usage declining among 16-24-year-olds: 20% of Twitter users told the pollsters that they expected to use the micro-blogging site less in the next 12 months. Facebook users reported a lower expected drop-off rate of 13% over the same period.

Of the 42% of 16-24-year-olds interviewed who had used Twitter, more than half (56%) said they used it a little or a lot less often, or never made active use of the site after visiting it. In an interview with Contagious, David Penn, Conquest's marketing director, said:

‘Facebook is used for writing on walls, sharing photos, checking what friends are doing and keeping in contact. It is the most social site of the lot, whereas Twitter is often used for following celebrities and is not really social in that sense. It is almost more of a broadcast medium than an interactive and social one.’

Mr. Penn told Brand Republic that Twitter has peaked among the younger demographic and warned it “may undergo a gradual decline echoing the fate of Myspace and Bebo in internet Siberia”.

rb-

Declining usage by 16-24-year-olds and 60% of users dropping off after the first month doesn't seem like a good way to support a $10 billion Wall Street valuation on Twitter. I agree with the Conquest study that Twitter is the least social of the social media. I am on Twitter because others are on it, not because there is anything exciting for me.

Twitter has not done its IPO yet; maybe they know there is a problem with their business model. If their IPO flops, will that be the start of dot.Bomb 2.0?

What do you think?

Is Twitter destined for “Internet Siberia”?

Will a failed social media IPO cause another Dot.Bomb?

LinkedIn Lacks Real-Time Backup

It is always smart to have a backup plan. However, the IPO filings for social media giant LinkedIn revealed that its backup plan has a gap: there is no real-time backup data center. Mashable has a nice summary of LinkedIn's SEC S-1 form. The business networking site announced that it plans to raise at least $175 million in its initial public offering. According to the filing, LinkedIn earned $161.4 million in revenue from January 2010 to September 2010.

The revenue came from three products:

  • Job listings – 41%
  • Advertising – 32%
  • Premium subscriptions – 27%

Real-time backup data center

Data Center Knowledge found in the IPO filing that LinkedIn does not have a real-time backup data center. The article says that a failure of the social media firm's primary data center would knock the LinkedIn.com site offline.

“We recently implemented a disaster recovery program, which allows us to move production to a backup data center in the event of a catastrophe. Although this program is functional, it does not yet offer a real-time backup data center, so if our primary data center shuts down, there will be a time that the website will remain shut down while the transition to the backup data center takes place,” LinkedIn said on page 14 of the SEC filing. The company has key infrastructure located in San Francisco and southern California, which are both prone to earthquakes. “Despite any precautions we may take, the occurrence of a natural disaster or other unanticipated problems at our hosting facilities could result in lengthy interruptions in our services,” the company said.

The social media site has taken steps to protect its user data. Data Center Knowledge reported that LinkedIn was deploying a business continuity program in an Equinix (EQIX) data center in Chicago. The company said it already housed equipment in Equinix data centers in California. In December 2010, LinkedIn opened a new data center in Los Angeles, saying that the expansion would give it “an additional, more robust data center that not only helps us handle the increasing traffic load on our servers, but to also provide more redundancy in case of an emergency.”

Data Center Knowledge summarizes that LinkedIn has its backup data stored in a remote data center using a “cold” or “warm” backup configuration. These approaches don't provide an instant rollover in the event of a major downtime event, but they allow a site owner to redeploy the site from the most recent backup. Servers in the backup data center are typically configured with the required software and applications, so they're ready to be brought into service as needed. LinkedIn didn't indicate how long it might be offline in the event of a data center failure.

Multiple data centers

The Data Center Knowledge article points out that larger Internet companies like Google (GOOG), Microsoft (MSFT), Yahoo (YHOO), and Facebook have multiple data centers and can use their networks to quickly shift workloads between facilities. LinkedIn's infrastructure has not yet reached that scale. The article suggests that LinkedIn has not arranged a real-time backup because of the challenges it presents for database-driven sites, and uses Facebook's experience when it added its first East Coast data center in Virginia as the illustration. The Facebook engineering team found that setting up a second site serving real-time data created “two main application-level challenges: cache consistency and traffic routing,” according to a blog entry by Facebook's Jason Sobel.

rb-

I have been on LinkedIn for quite a while and never gave their DRP a second thought. Maybe that is because I didn't need the job networking connections until recently. It seems to me that if LinkedIn wants to compete with social media favorite Facebook, and grow the paid portions of the site, they need to have 24x7x365 availability. Hopefully, that is in the development pipeline after they raise their $175 million in the IPO.

Is a real-time backup data center a must have for LinkedIn to continue to grow?

Have you had real success with landing your next gig with LinkedIn? Facebook?

Facebook Tried to Buy Twitter


-Updated 02-12-2011- The Wall Street Journal is reporting that in recent weeks executives from both Facebook Inc. and Google Inc. (GOOG) have been talking about acquiring Twitter. According to the WSJ, the potential suitors have placed an estimated valuation on Twitter of $8 billion to $10 billion. In case you weren't paying attention, that is nearly a 3x increase in the three months since December 2010, when Twitter was valued at $3.7 billion.

Imagine the Bizarro World where social networkers Facebook and Twitter hooked up. In a recent Financial Times interview, Twitter co-founder Biz Stone revealed that in 2008 Facebook tried to buy Twitter for $500 million in Facebook stock.

Facebook saw the potential in Twitter, but the Twitter big-wigs declined. Mr. Stone told the FT that Twitter wanted to become not just a popular site but a viable business, and not be taken over by another company. “We've created something that people are finding value in,” he told the FT. “But we haven't yet created a business out of this, and we really wanted to do that.”

It is possible that if Facebook had bought Twitter, it would have died. As part of Facebook, Twitter would have been restricted to a single user base and is unlikely to have gone through its period of huge, rapid growth. According to the FT, Twitter's main commercial strength has been with businesses rather than in social networking.

Twitter had 175 million registered users as of November 1, 2010, who sent about 95 million messages a day, or 25 billion “tweets” last year. Twitter has pursued rapid growth over profits, but since last spring it has brought in advertising revenue through paid “promoted tweets.” In mid-December, Twitter said it had received a major infusion of funds from a group of investors, which reportedly valued the site at $3.7 billion.

rb-

Well, between a valuation of $3.7 billion and $500 million in Facebook vapor stock, it seems the Twitter boys did OK for themselves.

Is Twitter worth $3.7 billion? Does it have a business model to support $3.7 billion?

Is Facebook worth $50 billion?

Social Media Sites Implement SSL

In the wake of the October 2010 release of Firesheep, many social media websites are stepping up their security. Firesheep is a simple-to-use Firefox extension that hijacks user sessions by capturing unencrypted session cookies on a shared network (“sidejacking”), giving an attacker temporary full access to accounts on many of the most popular websites. Sites like Facebook (FB), Twitter, Gmail, Hotmail, Flickr, and WordPress have begun to add full-session encryption, meaning HTTPS for every request after login rather than for the login page alone.

George Ou at Digital Society tracks SSL implementations on websites and has created an online services report card. The report card grades how thoroughly each site implements full-session encryption, and which generic protocols are deemed safe. The latest report card looks like this:

SSL online services report card

The table from Digital Society indicates that only Gmail and the free WordPress.com hosting site get an “A” and are impervious to partial and full sidejacking and to full hijacking of HTTP sessions. The report card gives Facebook, Twitter, and Microsoft's (MSFT) Hotmail failing grades. The bottom part of the table covers generic protocols commonly used by computers and smartphones; according to Digital Society, the majority of devices use unsafe versions of those protocols.

Microsoft has announced the general availability of full-session SSL (HTTPS) for Hotmail. The security upgrade has also been applied to other Live services, including SkyDrive, Photos, and Devices. To activate full-session SSL (I recommend you do, especially if you ever access these services on public or shared computers), Microsoft says to head over to account.live.com/ManageSSL. After you complete the form, SSL is activated and all future web connections are protected. It's important to note, however, that flipping the SSL switch means you won't be able to reach Hotmail via Windows Live Mail (desktop), the Outlook Hotmail Connector, or the Windows Live app for Windows Mobile 6.5 and Symbian.

The latest Google site to support SSL-encrypted connections is Picasa Web Albums. As with many other sites, though, not everything displayed on Picasa Web is encrypted: the home page and upload form are fully encrypted, but gallery pages report as only partly encrypted (mixed content). The Google Operating System blog says that many Google services now support HTTPS connections: Gmail (enabled by default), Google Reader, Google Groups, Picasa Web Albums, Google Search, Google Finance, and YouTube (partly encrypted). Other services accept only encrypted connections: Google Calendar, Google Docs, Google Sites, Google Health, Google Analytics, Google AdSense and AdWords, Google Web History, Google Bookmarks, Google Voice, Google Latitude, and Google Checkout.
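To make the difference between “full” and “partial” sidejacking concrete, here is an added Python example (mine, not Digital Society's report card code and not anything from Hotmail, Google or the Bach Seat). It parses Set-Cookie headers, checks each cookie's Secure flag against whether the site ever serves a page over plain HTTP, and shows what a passive sniffer like Firesheep reads from a single cleartext request. The letter-grade rubric, the cookie-name heuristic, the three site profiles and the captured request are all constructed for illustration and are not measurements of any real service.

```python
"""Grade a site's session handling against Firesheep-style sidejacking.

Added example. The rubric, SESSION_HINTS heuristic, site profiles and the
captured request below are constructed assumptions, not real measurements.
"""
from dataclasses import dataclass

# Assumed substrings that mark a cookie as an authentication/session cookie.
SESSION_HINTS = ("sess", "sid", "auth", "login", "token")


@dataclass
class Cookie:
    name: str
    value: str
    secure: bool = False    # browser sends it over HTTPS only
    httponly: bool = False  # script cannot read it (does not stop sniffing)


def parse_set_cookie(header: str) -> Cookie:
    """Parse one Set-Cookie header value into name, value and its flags."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:]}
    return Cookie(name.strip(), value.strip(),
                  "secure" in attrs, "httponly" in attrs)


def is_session_cookie(cookie: Cookie) -> bool:
    return any(hint in cookie.name.lower() for hint in SESSION_HINTS)


def cookies_in_plaintext_request(raw_request: str) -> dict:
    """Return the cookies a passive sniffer reads from one unencrypted request."""
    for line in raw_request.split("\r\n"):
        if line.lower().startswith("cookie:"):
            sniffed = {}
            for pair in line.split(":", 1)[1].split(";"):
                name, _, value = pair.strip().partition("=")
                if name:
                    sniffed[name] = value
            return sniffed
    return {}


@dataclass
class SiteProfile:
    name: str
    login_over_https: bool   # is the login POST encrypted?
    all_pages_https: bool    # is every page after login served over HTTPS?
    set_cookie_headers: list


def grade_site(site: SiteProfile):
    """Return (grade, findings). Assumed rubric, worst finding wins:
    F = full hijacking (cleartext password) or full sidejacking (session
        cookie sent on every http:// page, passive sniffing is enough),
    C = only non-session cookies leak in the clear (partial sidejacking),
    B = session cookie lacks Secure but the site is all-HTTPS, so an
        attacker must force one http:// request to capture it,
    A = encrypted login, full-session HTTPS and Secure session cookies."""
    findings = []
    grade = "A"  # "A" < "B" < "C" < "F" in ASCII, so max() picks the worse grade
    cookies = [parse_set_cookie(h) for h in site.set_cookie_headers]

    if not site.login_over_https:
        findings.append("login form posted over HTTP: password capture, full hijacking")
        grade = "F"

    for c in cookies:
        if c.secure:
            continue  # never leaves the browser over plaintext
        if is_session_cookie(c):
            if not site.all_pages_https:
                findings.append(f"{c.name} sent on every http:// page: full sidejacking")
                grade = max(grade, "F")
            else:
                findings.append(f"{c.name} lacks Secure: one forced http:// load leaks it")
                grade = max(grade, "B")
        elif not site.all_pages_https:
            findings.append(f"{c.name} leaks in the clear: partial sidejacking")
            grade = max(grade, "C")
    return grade, findings


# Constructed profiles of hypothetical sites (the .example TLD is reserved).
SITES = [
    SiteProfile("full-https.example", True, True,
                ["sid=9f1c02aa; Secure; HttpOnly; Path=/", "lang=en; Path=/"]),
    SiteProfile("login-only-https.example", True, False,
                ["sessionid=4b2e7d10; HttpOnly; Path=/", "theme=dark; Path=/"]),
    SiteProfile("https-but-no-secure-flag.example", True, True,
                ["auth_token=77aa19c3; HttpOnly; Path=/"]),
]

# Constructed capture of one plaintext request, as seen on an open Wi-Fi network.
CAPTURE = ("GET /home HTTP/1.1\r\nHost: login-only-https.example\r\n"
           "Cookie: sessionid=4b2e7d10; theme=dark\r\n\r\n")

if __name__ == "__main__":
    for site in SITES:
        grade, findings = grade_site(site)
        print(f"{site.name}: {grade}", *findings, sep="\n  ")
    print("sniffed from cleartext request:", cookies_in_plaintext_request(CAPTURE))
```

The second profile is the pattern the report card fails sites for: the password is protected at login, but the session cookie that the login produces travels in the clear on every later page view, so anyone on the same network can replay it. The third profile shows why the Secure flag matters even on an all-HTTPS site.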

rb-

Even average users are a bit more in tune with security and privacy on the Web today (thanks in part to the recent Firesheep threat). There's a simple solution: browse using HTTPS whenever possible. The easiest way to do that is to use Mozilla Firefox with the HTTPS Everywhere extension from the EFF, which I use and wrote about here.