Tag Archive for LNKD

Social Network Safety Tips

In case you have lived under a rock, social networking sites are very popular. LinkedIn (LNKD) has over 100 million users, 1 billion tweets are posted on Twitter each week, and Facebook is approaching 1 billion users. Those same numbers also open users up to more computer viruses and online threats, according to a report from Webroot. A Help Net Security article details a few of the threats social network users face. They include:

Bogus e-mails from “friends”: The blog warns that hackers lure users into taking actions they shouldn’t by making it seem as if a friend within their social network has sent them an in-network e-mail. In fact the e-mail is from a hacker who has hijacked the friend’s account.

Malicious links or bait: This type of scam involves personal messages to users that encourage victims to click on a link. Doing so can do a number of things, including sending users to a fake website where they are prompted to download and install an executable file that turns out to be a virus that infects the user’s PC, explains the author.

Identity theft: Social network users who share personal information with their entire network of friends leave themselves vulnerable to hackers. Oversharing details like birth dates, addresses, pets’ names, and other details makes it easier for attackers to guess your password and access your profile based on the personal information shared, reports Help Net Security.

To help increase your PC protection, Webroot advises users to install updatable Internet security software and keep a few simple rules in mind, such as:

Be skeptical – E-mails, friend requests, Web site links, and other items from sources you do not know could be malware.

Use privacy settings – Social networking sites, such as Facebook and Twitter, offer privacy settings that let you control who sees your posts and personal information. Use them to control who has access to your page, contact information, etc.

Protect your password – Choose your passwords wisely, incorporate numbers, letters, and special characters, and never use the same password at more than one site.

If you need new Internet security software, select a program that offers multi-level security to:

  • Block viruses, spyware, spam, Trojans, worms, rootkits, and keyloggers;
  • Make your PC invisible to hackers;
  • Encrypt passwords and remember them for you;
  • Offer multi-layer identity protection;
  • Provide firewall security.

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

LinkedIn Pulls A Facebook

Business social networking firm LinkedIn made me get out of my Bach Seat and jump up and down this morning. LinkedIn (LNKD) pulled a Facebook and made a sneaky change to its terms of service that makes users’ names and photographs available to advertisers if they want to use them.

Thankfully BrandImpact tells how to keep up your privacy.

  1. Click on your name on your LinkedIn homepage in the upper right corner. From the drop-down menu, select “Settings.”
  2. In the “Settings” page, select “Account.”
  3. In the column next to “Account,” click “Manage Social Advertising.”
  4. Uncheck the box next to “LinkedIn may use my name, photo in social advertising.”
  5. Now check the new default settings under “E-mail Preferences” and “Groups, Companies & Applications.” Make sure to opt-out of “Data Sharing with 3rd-party applications” as well.

In the face of negative user reactions and a growing media firestorm, LinkedIn has decided to make a change in the policy. That’s a step in the right direction. I have written about social networking’s assault on privacy here, here, and here.

rb-

Even though LinkedIn has backtracked on this it still irks me. I believe that most people on LinkedIn are working on their professional brand and do not want to be associated with ads. Facebook is for kids who don’t care; LinkedIn was for professionals. This seems like LinkedIn is wasting the goodwill they’ve built up over the years as it tries to justify its $9 billion IPO valuation. This is not a good sign for LinkedIn; I doubt they can beat Facebook in the teenie-bopper social network segment.

What do you think?

Are you concerned about your privacy on Facebook?


LinkedIn Accounts can be Hijacked

Help Net Security has a report that users of the newly minted public LinkedIn (LNKD) are in danger of having their account hijacked. The LinkedIn accounts can be hacked when accessing them over insecure Wi-Fi networks or public computers. Independent security researcher Rishi Narang told Help Net Security that the risk is due to two reasons. First, the LinkedIn session and authentication cookies have an unnaturally long lifespan. Secondly, LinkedIn does not remove the cookies once the user logs out.

The article says the cookies in question are JSESSIONID and LEO_AUTH_TOKEN, and that they remain valid even after the session initiated by the user has been terminated. The cookies are also set to expire only after one solid year, and this fact allowed the researcher to get access to a number of active accounts of various people from all over the world over a period of many months. “They would have login/logged out many times in these months but their cookie was still valid,” Mr. Narang writes on his blog.

In addition to all of that, those two cookies and the others that the welcome page stores are transmitted in clear text over HTTP, because they don’t have a secure flag set. “If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from being trivially intercepted by an attacker monitoring network traffic,” explains Mr. Narang.

According to the researcher, until LinkedIn makes some changes, the only way to “expire” the cookies is for the users to change their password and then authenticate themselves with the new credentials. This could be a stopgap measure if you know that someone has stolen those cookies and is accessing your account, but won’t new cookies be created after the password change and authentication?

Help Net Security says that the only solution to this problem is for LinkedIn to make some changes, and according to Reuters, they are planning to offer “opt-in” SSL support for the entire site in the coming months (which would encrypt the cookies in question), but have not commented on why the cookies have such a long lifespan.
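As an added example (not part of the article or of Mr. Narang’s research), the Python below audits Set-Cookie headers for the two properties discussed here: a missing Secure flag and an excessive lifetime, and checks whether a logout response actually expires the cookies that login set. The header values and the GOOD_SESSION cookie are constructed, and the 8-hour limit is an assumed policy.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
# Constructed sample headers; the cookie names follow the article, the values are placeholders.
LOGIN_SET_COOKIES = [
    "JSESSIONID=abc123; Path=/; Expires=Thu, 01 Jan 2099 00:00:00 GMT",
    "LEO_AUTH_TOKEN=deadbeef; Path=/; Max-Age=31536000",
    "GOOD_SESSION=xyz; Path=/; Max-Age=3600; Secure; HttpOnly",  # hypothetical hardened cookie
]
# Constructed logout response: two cookies are expired, LEO_AUTH_TOKEN is never re-set.
LOGOUT_SET_COOKIES = ["JSESSIONID=; Path=/; Max-Age=0", "GOOD_SESSION=; Path=/; Max-Age=0"]
NOW = datetime(2011, 6, 1, tzinfo=timezone.utc)  # fixed clock so results are reproducible
MAX_LIFETIME = 8 * 3600  # assumed policy: a session cookie should live at most 8 hours

def parse_set_cookie(header):
    """Split one Set-Cookie header into (name, value, {attribute_lowercase: value_or_None})."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() or None
    return name.strip(), value, attrs

def lifetime_seconds(attrs, now=NOW):
    """Seconds until expiry; Max-Age takes precedence over Expires (RFC 6265). None = session-only."""
    if "max-age" in attrs:
        return int(attrs["max-age"])
    if "expires" in attrs:
        return int((parsedate_to_datetime(attrs["expires"]) - now).total_seconds())
    return None

def audit_cookie(header, now=NOW, max_lifetime=MAX_LIFETIME):
    """Return the weaknesses described in the article that are visible in one Set-Cookie header."""
    name, _, attrs = parse_set_cookie(header)
    findings = []
    if "secure" not in attrs:  # without Secure the browser also sends the cookie over plain HTTP
        findings.append(f"{name}: no Secure flag, sent over plain HTTP")
    life = lifetime_seconds(attrs, now)
    if life is not None and life > max_lifetime:
        findings.append(f"{name}: lifetime {life}s exceeds {max_lifetime}s")
    return findings

def uncleared_on_logout(login_headers, logout_headers, now=NOW):
    """Names of cookies set at login that the logout response does not expire."""
    cleared = set()
    for h in logout_headers:
        name, _, attrs = parse_set_cookie(h)
        life = lifetime_seconds(attrs, now)
        if life is not None and life <= 0:
            cleared.add(name)
    return [parse_set_cookie(h)[0] for h in login_headers if parse_set_cookie(h)[0] not in cleared]
```

Run against real traffic, the same checks apply to the Set-Cookie headers captured from a login and a logout response.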


Riskiest Social Media Apps

DarkReading has a report from Seattle-based network security vendor WatchGuard which says that the fastest-growing threat to corporate networks is web-based social media applications. The WatchGuard security researchers claim that social media applications can seriously compromise network security, expose sensitive data, and create productivity drains on employees.

There are many reasons why social media applications can pose a risk to a business of any size. WatchGuard noted that productivity and data loss are major risks for organizations of all sizes. Social media sites also serve as malware and attack vectors. Social networks will become the leading malware vector over the next few years for three reasons:

  • Social media sites breed a culture of trust. The whole point of social media is to interact with others. Typically interactions are with people considered to be “friends”, which implies trust. Meanwhile, social media sites do not have any technical means to confirm that the people you are interacting with really are who they say they are. This environment of trust creates an ideal scenario for social engineers to use.
  • Many social media sites suffer from technical vulnerabilities. While Web 2.0 technologies offer many benefits, they also harbor many security vulnerabilities. The complexity of Web 2.0 applications can lead to imperfect code, which introduces some social network sites to Web application vulnerabilities, such as SQL injection and cross-site scripting (XSS) attacks. Furthermore, the concept of allowing untrusted users to push content onto social media sites conflicts with traditional security paradigms. Simply put, this means social media sites are more likely to suffer from web vulnerabilities than less complex and less interactive websites.
  • Hugely popular. According to online analytics firm, Compete, Facebook is now the 2nd most popular Web destination after Google. Many other social networks, such as Twitter and YouTube, follow closely behind. The popularity of social networks attracts attackers because they know it means that they can get a “return on investment” for their attacks.

For these reasons, WatchGuard researchers deemed the following applications the riskiest:

1. Facebook is the most dangerous social media site, largely because of its popularity, according to WatchGuard. With a 500+ million user following, Facebook offers a fertile attack surface for hackers. Add in the potential technical concerns, such as a questionable, open App API, and you have a recipe for disaster.

2. Twitter. Many incorrectly assume that very little damage could be done in 140 characters. Twitter’s short-form posts lead to new vulnerabilities such as URL shorteners, which can help hackers hide malicious links. Twitter also suffers from Web 2.0 and API-related vulnerabilities that allow various attacks and Twitter worms to propagate among its users.

3. YouTube attracts attackers because it is one of the most popular online video sites. Hackers often create malicious web pages that masquerade as YouTube video pages. Additionally, attackers like to spam the comment section of YouTube videos with malicious links.

4. LinkedIn bears more burden than other social media sites because it is business-oriented. Thus, it makes a more attractive target to attackers, as LinkedIn is highly trusted. Because most users leverage LinkedIn to form business relationships or find jobs, they tend to post more valuable and potentially sensitive information to this social network.

5. 4chan is a popular imageboard, a social media site where users post images and comments. 4chan has been involved in many Internet attacks attributed to “anonymous,” which is the only username that all 4chan users can get. Some of 4chan’s image boards contain the worst depravities found on the Internet. Many hackers spam their malware to the 4chan forums.

6. Chatroulette allows webcam owners to connect and chat with random people. The nature of this anonymous webcam system makes it a likely target for Internet predators.

rb-

I have written about social media risks since 2009, yet many organizations still do not have a social media policy. Why take the chances?

Does your organization have a social media policy?

Does anybody actually allow 4Chan or Chatroulette?


LinkedIn Lacks Real-Time Backup

It is always smart to have a backup plan. However, the IPO filings for social media giant LinkedIn revealed they do not have a backup plan. Mashable has a nice summary of LinkedIn’s SEC S-1 form, in which the business networking site announced that it plans to raise at least $175 million in the initial public offering. According to the forms, LinkedIn earned $161.4 million in revenue from January 2010 to September 2010.

The revenue came from three products:

  • Job listings – 41%
  • Advertising – 32%
  • Premium subscriptions – 27%

Real-time backup data center

What Data Center Knowledge found in the IPO filing was that LinkedIn does not have a real-time backup data center. The article says that a failure of the social media firm’s primary data center would knock its LinkedIn.com site offline.

“We recently implemented a disaster recovery program, which allows us to move production to a backup data center in the event of a catastrophe. Although this program is functional, it does not yet offer a real-time backup data center, so if our primary data center shuts down, there will be a time that the website will remain shut down while the transition to the backup data center takes place,” LinkedIn said on page 14 of the SEC filing. The company has key infrastructure located in San Francisco and southern California, which are both prone to earthquakes. “Despite any precautions we may take, the occurrence of a natural disaster or other unanticipated problems at our hosting facilities could result in lengthy interruptions in our services,” the company said.

The social media site has taken steps to protect its user data. Data Center Knowledge reported that LinkedIn was deploying a business continuity program in an Equinix (EQIX) data center in Chicago. The company said it already housed equipment in Equinix data centers in California. In December 2010, LinkedIn opened a new data center in Los Angeles, saying that the expansion would give “an additional, more robust data center that not only helps us handle the increasing traffic load on our servers, but to also provide more redundancy in case of an emergency.”

Data Center Knowledge summarizes that LinkedIn has its backup data stored in a remote data center using a “cold” or “warm” backup configuration. These approaches don’t provide an instant rollover in the event of a major downtime event but allow a site owner to redeploy the site from the most recent backup. Servers in the backup data center are typically configured with the required software and applications, so they’re ready to be deployed as needed. LinkedIn didn’t indicate how long it might be offline in the event of a data center failure.

Multiple data centers

The Data Center Knowledge article points out that larger Internet companies like Google (GOOG), Microsoft (MSFT), Yahoo (YHOO), and Facebook have multiple data centers and can use their network to quickly shift workloads between different facilities. LinkedIn’s infrastructure has not yet reached that scale. The article suggests that LinkedIn has not arranged for a real-time backup setup because of the challenges it presents for database-driven sites. The article uses Facebook’s experience when the social networker added its first East Coast data center in Virginia. The Facebook engineering team found that setting up a second site serving real-time data created “two main application-level challenges: cache consistency and traffic routing,” according to a blog entry by Facebook’s Jason Sobel.

rb-

I have been on LinkedIn for quite a while and never gave their DRP a second thought. Maybe because I didn’t need the job networking connections until recently. Seems to me that if LinkedIn wants to compete with social media favorite Facebook, and grow the paid portions of the site, they need to have 24x7x365 availability. Hopefully, that is in the development pipeline after they raise their $175 million in the IPO.

Is a real-time backup data center a must have for LinkedIn to continue to grow?

Have you had real success with landing your next gig with LinkedIn? Facebook?
