Tag Archive for LinkedIn

Social Media Sites Most Blocked

OpenDNS is the largest global DNS service that handles DNS for 1 percent of all Internet users worldwide. The firm resolves 30 billion DNS queries per day and services 15 million requesting IP addresses per day. OpenDNS has released the OpenDNS 2010 Report: Web Content Filtering and Phishing (PDF), which highlights their 2010 findings of social media content filtering with data from their global vantage point.

Web-based content can be filtered by subscribing to services like OpenDNS. These firms categorize the content on the web into broad categories like porn, hate, gambling or social media. This allows organizations to block all content that the service provider places in these categories. For more granular control, content may also be filtered by blocking specific websites via blacklisting or by allowing specific websites via whitelisting.

  • Blacklists are typically used when there is no wish to block an entire category in principle, but there is a focus on preventing traffic to specific websites based on a combination of their popularity and content.
  • Whitelists are typically used when there is a desire to block entire categories, but access to selected websites is granted on an exception basis. These sites represent the most trusted sites in their category.
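How the two list styles interact with category blocking, as an added example that is not from the OpenDNS report or the original post. The category map, the `Policy` type and the precedence rules (the most specific entry wins, a domain on both lists is blocked) are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample categorisation (domain -> category); not OpenDNS data.
CATEGORIES = {
    "facebook.com": "social",
    "linkedin.com": "social",
    "youtube.com": "video",
    "doubleclick.net": "ads",
}

@dataclass
class Policy:
    blocked_categories: set = field(default_factory=set)
    whitelist: set = field(default_factory=set)  # always-allow exceptions
    blacklist: set = field(default_factory=set)  # always-block entries

def parent_domains(host):
    """Return host and its parent domains, most specific first (TLD excluded)."""
    labels = host.lower().rstrip(".").split(".")
    return [".".join(labels[i:]) for i in range(len(labels) - 1)]

def decide(host, policy):
    """Return (action, reason) for a queried hostname."""
    names = parent_domains(host)
    # 1. Explicit per-domain entries override categories. The most specific
    #    entry wins; a domain on both lists is blocked (assumed: fail closed).
    for name in names:
        if name in policy.blacklist:
            return ("block", f"blacklist:{name}")
        if name in policy.whitelist:
            return ("allow", f"whitelist:{name}")
    # 2. No explicit entry: fall back to the category decision.
    for name in names:
        category = CATEGORIES.get(name)
        if category in policy.blocked_categories:
            return ("block", f"category:{category}")
    return ("allow", "default")

# Whitelist style: block whole categories, allow one trusted exception.
WHITELIST_STYLE = Policy(blocked_categories={"social", "video"},
                         whitelist={"linkedin.com"})
# Blacklist style: no category blocked, specific sites singled out.
BLACKLIST_STYLE = Policy(blacklist={"facebook.com", "doubleclick.net"})

if __name__ == "__main__":
    for host in ("www.linkedin.com", "facebook.com", "www.youtube.com"):
        print(host, decide(host, WHITELIST_STYLE))
    for host in ("ad.doubleclick.net", "notfacebook.com", "www.youtube.com"):
        print(host, decide(host, BLACKLIST_STYLE))
```

Matching is done on whole DNS labels, so `notfacebook.com` is not caught by a `facebook.com` entry while `ad.doubleclick.net` is caught by `doubleclick.net`.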

The World’s Most Blocked Websites - OpenDNS

Whitelisted                     Blacklisted
Site                     %      Site                    %
YouTube.com              12.7   Facebook.com            14.2
Facebook.com             12.6   MySpace.com             9.9
Gmail.com                9.2    YouTube.com             8.1
Google.com               9.0    Doubleclick.net         6.4
Translate.Google.com     6.3    Twitter.com             2.3
LinkedIn.com             6.0    Ad.yieldmanager.com     1.9
MySpace.com              4.7    Redtube.com             1.4
Skype.com                4.6    Limewire.com            1.3
Deviantart.com           4.3    Pornhub.com             1.2
Yahoo.com                3.9    Playboy.com             1.2

The report says that businesses have specific goals in mind when blocking websites. They need to ensure compliance with HR policies, while also increasing worker productivity by preventing what they consider to be employee cyberslacking on social media. According to the OpenDNS report, the business list confirms that businesses are singling out popular social media sites considered to be of little value in a work setting, especially if they consume a lot of bandwidth.

Filtering by Business Users:

  1. Facebook.com — 23%
  2. MySpace.com — 13%
  3. YouTube.com — 11.9%
  4. Ad.Doubleclick.net — 5.7%
  5. Twitter.com — 4.2%
  6. Hotmail.com — 2.1%
  7. Orkut.com — 2.1%
  8. Ad.Yieldmanager.com — 1.8%
  9. Meebo.com — 1.6%
  10. eBay.com — 1.6%

rb-

The blacklisted sites suggest a concern with the use of bandwidth by streaming sites and with privacy concerns from advertising networks. We will be exploring the web app Meebo, which lets users get on web 2.0 apps like MSN, Yahoo, AOL/AIM, MySpace, Facebook, and Google Talk by simply using a browser, and which is a popular workaround even when the desktops are locked down.

The fact that many of the same sites appear on both the Whitelisted and Blacklisted lists is a sign of how confused the responses to social networking are. All the better reason to have a social media policy in place.

How does your organization handle content filtering?

Does your AUP address social networking?

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Riskiest Social Media Apps

DarkReading has a report from Seattle-based network security vendor WatchGuard which says that the fastest growing threat to corporate networks is web-based social media applications. The WatchGuard security researchers claim that social media applications can seriously compromise network security, expose sensitive data, and create productivity drains on employees.

There are many reasons why social media applications can pose risk to any size business. WatchGuard noted that productivity and data loss are major risks for organizations of all sizes. Social media sites also serve as malware and attack vectors. Social networks will become the leading malware vector over the next few years for three reasons:

  • Social media sites breed a culture of trust. The whole point of social media is to interact with others. Typically interactions are with people considered to be “friends”, which implies trust. Meanwhile, social media sites do not have any technical means to confirm that the people you are interacting with really are who they say they are. This environment of trust creates an ideal scenario for social engineers to use.
  • Many social media sites suffer from technical vulnerabilities. While Web 2.0 technologies offer many benefits, they also harbor many security vulnerabilities. The complexity of Web 2.0 applications can lead to imperfect code, which introduces some social network sites to Web application vulnerabilities, such as SQL injection and cross-site scripting (XSS) attacks. Furthermore, the concept of allowing untrusted users to push content onto social media sites conflicts with traditional security paradigms. Simply put, this means social media sites are more likely to suffer from web vulnerabilities than less complex and less interactive websites.
  • Hugely popular. According to online analytics firm Compete, Facebook is now the 2nd most popular Web destination after Google. Many other social networks, such as Twitter and YouTube, follow closely behind. The popularity of social networks attracts attackers because they know it means that they can get a “return on investment” for their attacks.

For these reasons, WatchGuard researchers deemed the following applications the riskiest:

1. Facebook is the most dangerous social media site, largely based upon its popularity, according to WatchGuard. With a 500+ million user following, Facebook offers a fertile attack surface for hackers. Add in the potential technical concerns, such as a questionable, open App API, and now you have a recipe for disaster.

2. Twitter. Many incorrectly assume that very little damage could be done in 140 characters. Twitter’s short-form posts lead to new vulnerabilities such as URL shorteners, which can help hackers hide malicious links. Twitter also suffers from Web 2.0 and API-related vulnerabilities that allow various attacks and Twitter worms to propagate among its users.

3. YouTube attracts attackers because it is one of the most popular online video sites. Hackers often create malicious web pages that masquerade as YouTube video pages. Additionally, attackers like to spam the comment section of YouTube videos with malicious links.

4. LinkedIn bears more burden than other social media sites; it is business-oriented. Thus, it makes a more attractive target to attackers, as LinkedIn is highly trusted. Because most users leverage LinkedIn to form business relationships or find jobs, they tend to post more valuable and potentially sensitive information to this social network.

5. 4chan is a popular imageboard, a social media site where users post images and comments. 4chan has been involved in many Internet attacks attributed to “anonymous,” which is the only username that all 4chan users can get. Some of 4chan’s image boards contain the worst depravities found on the Internet. Many hackers spam their malware to the 4chan forums.

6. Chatroulette allows webcam owners to connect and chat with random people. The nature of this anonymous webcam system makes it a likely target for Internet predators.

rb-

I have written about social media risks since 2009, yet many organizations still do not have a social media policy.  Why take the chances?

Does your organization have a social media policy?

Does anybody actually allow 4Chan or Chatroulette?


LinkedIn Lacks Real-Time Backup

It is always smart to have a backup plan. However, the IPO filings for social media giant LinkedIn revealed they do not have a backup plan. Mashable has a nice summary of LinkedIn’s SEC S-1 form. The business networking site announced that it plans to raise at least $175 million in the initial public offering. According to the forms, LinkedIn earned $161.4 million in revenue from January 2010 to September 2010.

The revenue came from three products:

  • Job listings – 41%
  • Advertising – 32%
  • Premium subscriptions – 27%

Real-time backup data center

Data Center Knowledge found in the IPO filing that LinkedIn does not have a real-time backup data center. The article says that a failure of the social media firm’s primary data center would knock its LinkedIn.com site offline.

“We recently implemented a disaster recovery program, which allows us to move production to a backup data center in the event of a catastrophe. Although this program is functional, it does not yet offer a real-time backup data center, so if our primary data center shuts down, there will be a time that the website will remain shut down while the transition to the backup data center takes place,” LinkedIn said on page 14 of the SEC filing. The company has key infrastructure located in San Francisco and southern California, which are both prone to earthquakes. “Despite any precautions we may take, the occurrence of a natural disaster or other unanticipated problems at our hosting facilities could result in lengthy interruptions in our services,” the company said.

The social media site has taken steps to protect its user data. Data Center Knowledge reported that LinkedIn was deploying a business continuity program in an Equinix (EQIX) data center in Chicago. The company said it already housed equipment in Equinix data centers in California. In December 2010, LinkedIn opened a new data center in Los Angeles, saying that the expansion would give “an additional, more robust data center that not only helps us handle the increasing traffic load on our servers, but to also provide more redundancy in case of an emergency.”

Data Center Knowledge summarizes that LinkedIn has its backup data stored in a remote data center using a “cold” or “warm” backup configuration. These approaches don’t provide an instant rollover in the event of a major downtime event but allow a site owner to redeploy the site from the most recent backup. Servers in the backup data center are typically configured with the required software and applications, so they’re ready to be deployed as needed. LinkedIn didn’t indicate how long it might be offline in the event of a data center failure.

Multiple data centers

The Data Center Knowledge article points out that larger Internet companies like Google (GOOG), Microsoft (MSFT), Yahoo (YHOO), and Facebook have multiple data centers and can use their network to quickly shift workloads between different facilities. LinkedIn’s infrastructure has not yet reached that scale. The article suggests that LinkedIn has not arranged for a real-time backup setup because of the challenges it presents for database-driven sites. The article cites Facebook’s experience when the social networker added its first East Coast data center in Virginia. The Facebook engineering team found that setting up a second site serving real-time data created “two main application-level challenges: cache consistency and traffic routing,” according to a blog entry by Facebook’s Jason Sobel.

rb-

I have been on LinkedIn for quite a while and never gave their DRP a second thought. Maybe because I didn’t need the job networking connections until recently. Seems to me that if LinkedIn wants to compete with social media favorite Facebook, and grow the paid portions of the site, they need to have 24x7x365 availability. Hopefully, that is in the development pipeline after they raise their $175 million in the IPO.

Is a real-time backup data center a must have for LinkedIn to continue to grow?

Have you had real success with landing your next gig with LinkedIn? Facebook?


Social Media Bubble

There is growing speculation that a backlash against social networking is brewing. At CustomerThink.com there was a recent article, When the social media bubble burst, which points out that “We rarely see people as enthused as they are over social media. Among those recent rare times are: when the high-tech balloon popped; at the height of the housing bubble; just before the market crashed; and when Sarah Palin was nominated for VP. Hey, exuberance can be headiest just before the fall.”

Social media

The author, Axel Schultze, CEO of the social business application development firm Xeesm, says YES. Schultze believes that the social media bubble is about to burst. Schultze, the founder of the Social Media Academy, said in the article that people are starting to question the usefulness of social media: “People are recognizing already that the endless hours of watching the incoming streams from Twitter and Facebook or all the status updates on LinkedIn are hours wasted. All the paid tweets and people or agencies, who have been hired to tweet are not going to contribute to the bottom line. And the fan pages people build to get “fans, followers, connections” just hope that it will do something for the business – but it won’t.”

Schultze concludes that the social networking bubble will burst because, “Socializing is work, it takes time and focus, discipline and a clear understanding what to do and what not to do. And as 80% of humans continue to look for getting the job done automatically and get rich instantly, they will leave the social web because they just learned again and again – there is no free lunch.”

rb-

In the article, Schultze reiterates the fundamental change factor of the Internet, “from anywhere at any time”, when he says that the biggest benefit of social media is to do “more business with more people in a grander geography and in less time than ever before.” Schultze continues that the benefits of social media come at a price, “…the price you pay is to be more open, more social, more connected, more interactive, more helpful and more conversational than ever before.” Making organizations more open, more social, more connected, interactive, and helpful is hard work which means that many organizations will fail and the social networking bubble will burst.


Facebook is Biggest Social Networking Risk

Data from anti-malware vendor Sophos’ 2010 Security Threat Report (PDF) says Facebook is the leader in privacy risks, spam, and other malicious activity. 60 percent of the respondents to a Sophos survey identified Facebook as the biggest security risk in social networking, followed by MySpace (18%), Twitter (17%), and LinkedIn (4%).

It is not surprising that users regard Facebook as the top risk. Facebook’s more than 500 million users offer criminals a cornucopia of personal data to exploit. “Computer users are spending more time on social networks, sharing sensitive and valuable personal information, and hackers have sniffed out where the money is to be made,” said Graham Cluley, senior technology consultant for Sophos.

Criminals have focused their efforts on social media

Sophos’ research shows that criminals have focused their efforts on social networking users in the last 12 months, creating an “explosion” in social networking spam and malware complaints. Sophos found that 57% of social network users were spammed on one of the sites, an increase of 70 percent compared to last year. They also found 36% of social network users reported being sent malware, a 70% increase over last year. “The dramatic rise in attacks in the last year tells us that social networks and their millions of users have to do more to protect themselves from organized cybercrime, or risk falling prey to identity theft schemes, scams, and malware attacks,” Sophos’ Cluley added.

Three things working against Facebook users

There are three things working against Facebook users: themselves, malware, and Facebook. Facebook users typically give away more private information to Facebook than other sites. Through most people’s profiles it is possible to find out their first, last, and maiden names, where they live, where they went to school, and even worse, historical information like where they lived in the past. A lot of this private information is required on many online credit checks, providing a boon for criminals looking to exploit a user’s credit history or steal their identity.

The most common malware used on social networks is Koobface. Koobface can target all the popular social portals, including Facebook, MySpace, Bebo, Friendster, Tagged, and Twitter. According to the report, Koobface is capable of “... registering a Facebook account, activating the account by confirming an email sent to a Gmail address, befriending random strangers on the site, joining random Facebook groups, and posting messages on the walls of Facebook friends. Furthermore, it includes code to avoid drawing attention to itself by restricting how many new Facebook friends it makes each day.”

Another threat is Facebook applications. Criminals can create malicious Facebook applications designed to steal information and they can find holes in pre-existing applications and exploit them. Legitimate Facebook apps will give away your information if you allow them to (as I have written about here and here). Once an app has permission it can harvest all the information in a Facebook profile and send it to criminals. Before users grant an application access to all of their information, they should Google the publisher to see if they are legitimate or not. Any application that starts doing anything strange or suspicious should be removed immediately.

Facebook has tried to address these risks by issuing a new privacy policy. However, Sophos’ Cluley called it a step backward, because the new settings are “encouraging many users to share their information with everybody on the internet.” According to Facebook, only 35% of their users actually customized their settings, leaving 65% who presumably didn’t change their settings and continue to share valuable data, which is then used to propagate spam and malware.
