Tag Archive for Social media

Social Media Bubble

There is growing speculation that a backlash against social networking is brewing. At CustomerThink.com there was a recent article, “When the social media bubble burst,” which points out that “We rarely see people as enthused as they are over social media. Among those recent rare times are: when the high-tech balloon popped; at the height of the housing bubble; just before the market crashed; and when Sarah Palin was nominated for VP. Hey, exuberance can be headiest just before the fall.”

The author, Axel Schultze, CEO of the social business application development firm Xeesm, says YES. Schultze believes that the social media bubble is about to burst. Schultze, the founder of the Social Media Academy, said in the article that people are starting to question the usefulness of social media: “People are recognizing already that the endless hours of watching the incoming streams from Twitter and Facebook or all the status updates on LinkedIn are hours wasted. All the paid tweets and people or agencies, who have been hired to tweet are not going to contribute to the bottom line. And the fan pages people build to get “fans, followers, connections” just hope that it will do something for the business – but it won’t.”

Schultze concludes that the social networking bubble will burst because, “Socializing is work, it takes time and focus, discipline and a clear understanding what to do and what not to do. And as 80% of humans continue to look for getting the job done automatically and get rich instantly, they will leave the social web because they just learned again and again – there is no free lunch.”

rb-

In the article, Schultze reiterates the fundamental change factor of the Internet, “from anywhere at any time”, when he says that the biggest benefit of social media is to do “more business with more people in a grander geography and in less time than ever before.” Schultze continues that the benefits of social media come at a price, “…the price you pay is to be more open, more social, more connected, more interactive, more helpful and more conversational than ever before.” Making organizations more open, more social, more connected, interactive, and helpful is hard work, which means that many organizations will fail and the social networking bubble will burst.


Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Facebook is Biggest Social Networking Risk

Data from anti-malware vendor Sophos’ 2010 Security Threat Report (PDF) says Facebook is the leader in privacy risks, spam, and other malicious activity. 60 percent of the respondents to a Sophos survey identified Facebook as the biggest security risk in social networking, followed by MySpace (18%), Twitter (17%), and LinkedIn (4%).

It is not surprising that users regard Facebook as the top risk. Facebook’s more than 500 million users offer criminals a cornucopia of personal data to exploit. “Computer users are spending more time on social networks, sharing sensitive and valuable personal information, and hackers have sniffed out where the money is to be made,” said Graham Cluley, senior technology consultant for Sophos.

Criminals have focused their efforts on social media

Sophos’ research shows that criminals have focused their efforts on social networking users in the last 12 months, creating an “explosion” in social networking spam and malware complaints. Sophos found that 57% of social network users were spammed on one of the sites, an increase of 70 percent compared to last year. They also found 36% of social network users reported being sent malware, a 70% increase over last year. “The dramatic rise in attacks in the last year tells us that social networks and their millions of users have to do more to protect themselves from organized cybercrime, or risk falling prey to identity theft schemes, scams, and malware attacks,” Sophos’ Cluley added.

Three things working against Facebook users

There are three things working against Facebook users: themselves, malware, and Facebook. Facebook users typically give away more private information to Facebook than to other sites. Through most people’s profiles it is possible to find out their first, last, and maiden names, where they live, where they went to school, and even worse, historical information like where they lived in the past. A lot of this private information is required on many online credit checks, providing a boon for criminals looking to exploit a user’s credit history or steal their identity.

The most common malware used on social networks is Koobface. Koobface can target all the popular social portals, including Facebook, MySpace, Bebo, Friendster, Tagged, and Twitter. According to the report, Koobface is capable of, “... registering a Facebook account, activating the account by confirming an email sent to a Gmail address, befriending random strangers on the site, joining random Facebook groups, and posting messages on the walls of Facebook friends. Furthermore, it includes code to avoid drawing attention to itself by restricting how many new Facebook friends it makes each day.”

Another threat is Facebook applications. Criminals can create malicious Facebook applications designed to steal information and they can find holes in pre-existing applications and exploit them. Legitimate Facebook apps will give away your information if you allow them to (as I have written about here and here). Once an app has permission it can harvest all the information in a Facebook profile and send it to criminals. Before users grant an application access to all of their information, they should Google the publisher to see if they are legitimate or not. Any application that starts doing anything strange or suspicious should be removed immediately.

Facebook has tried to address these risks by issuing a new privacy policy. However, Sophos’ Cluley called it a step backward, because the new settings are “encouraging many users to share their information with everybody on the internet.” According to Facebook, only 35% of their users actually customized their settings, leaving 65% who presumably didn’t change their settings and continue to share valuable data, which is then used to propagate spam and malware.

 


Facebook Privacy Fail Again

-Updated 11-01-10- Facebook has completed its internal investigation into reports from The Wall Street Journal that Facebook applications were violating its users’ privacy. The WSJ says FB is sharing unique user IDs with advertising agencies and data collection companies. According to the firm’s blog, some developers were sharing Facebook UIDs with data brokers for a fee, “this violation of our policy is something we take seriously,” Facebook engineer Mike Vernal wrote in the corporate response.

The Social Networker is reportedly taking action against developers who violated the Facebook policies by “instituting a 6-month full moratorium on their access to Facebook communication channels, and we will require these developers to submit their data practices to an audit in the future to confirm that they are in compliance with our policies,” according to the corporate blog.

The blog also states that Facebook has struck a deal with Rapleaf (which I wrote about here), the data-mining firm that has tied Facebook ID information collected by Facebook applications to a database of Internet users it sold. “Rapleaf has agreed to delete all UIDs in its possession, and they have agreed not to conduct any activities on the Facebook Platform (either directly or indirectly) going forward.”

Last May Facebook was caught using “referrers” to send users’ ID information to advertising agencies every time the users click on ads. In response, the social networker changed some of the code that allowed this and issued a half-hearted apology. Now, the Wall Street Journal has found that third-party applications or “apps” on Facebook have been guilty of the same thing.  The WSJ says the privacy breach affects tens of millions of Facebook app users, including people who set their profiles to Facebook’s strictest privacy settings.

“Apps” are pieces of software that let Facebook’s 500 million users play games or share common interests with one another. The company says 70% of users use apps each month. The WSJ found that all the 10 most popular apps on Facebook were transmitting users’ IDs to outside companies including:

  • FarmVille,
  • Phrases,
  • Texas HoldEm,
  • FrontierVille,
  • Causes,
  • Cafe World,
  • Mafia Wars,
  • Quiz Planet,
  • Treasure Isle,
  • IHeart.

The WSJ says that Zynga Game Network Inc.’s (ZNGA) FarmVille, with 59 million users, has also been transmitting personal information about a user’s friends to outside companies.

The information being transmitted includes the unique “Facebook ID” number assigned to every user on the site. Since a Facebook user ID is a public part of any Facebook profile, anyone can use an ID number to look up a person’s name even if that person has set all of his or her Facebook information to be private. For other users, the Facebook ID reveals information they have set to share with “everyone,” including age, residence, occupation, and photos. The apps reviewed by the WSJ were sending Facebook ID numbers to at least 25 advertising and data firms, several of which build profiles of Internet users by tracking their online activities.

The Journal found that the data-gathering firm RapLeaf Inc. (which I wrote about earlier) had linked Facebook user ID information obtained from apps to its own database of Internet users, which it sells. RapLeaf also transmitted the Facebook IDs it obtained to a dozen other firms including Google’s Invite Media, the Journal found. “We didn’t do it on purpose,” said Joel Jewitt, vice president of business development for RapLeaf to the WSJ.

Facebook has again issued a statement that it will look into the matter and correct the code and has in the meantime disabled thousands of applications. According to the WSJ, the applications transmitting Facebook IDs may have breached their own privacy policies. Zynga, for example, says in its privacy policy that it “does not provide any Personally Identifiable Information to third-party advertising companies.” A Zynga spokeswoman told the WSJ, “Zynga has a strict policy of not passing personally identifiable information to any third parties. We look forward to working with Facebook to refine how web technologies work to keep people in control of their information.”

rb-

Once again, Facebook has a user privacy breach on its hands. The social networker keeps promising to protect its customers’ personally identifiable information but never seems to get it right.

Perhaps the question Facebook users should be asking is: does Facebook really want to protect its users’ privacy?

 


 


New School Year Same Security Threats

Another school year is starting up and security firm WatchGuard has a list of the top threats to school IT systems as classes start up again. Eric Aarrestad, Vice President at privately held WatchGuard Technologies says, “With so much at risk and so much to gain by cybercriminals, today’s campus is one of the most dangerous IT environments around.” He continues, “Unlike enterprise organizations that can throw substantial resources towards network and data protection, schools and universities are more constrained, yet they face some of the most demanding security challenges due to the dynamic interaction between students and their school’s IT resources.”

Top threats at school

WatchGuard’s top threats at school include:

Social Networks The security firm calls social networks, such as Facebook and MySpace, the number one threat to school and university networks. Unfortunately, social networks act as an ideal platform to launch a myriad of attacks against students and departments, including spam, viruses, malware, phishing, and more. Adding to this, socially engineered attacks are often extremely successful due to the “trusted” environment that social networks create.

Malware As students and teachers use the web for educational purposes, the Seattle-based company says many unwittingly expose themselves to drive-by downloads or corrupted websites, which inject malicious forms of software on their computers. Once infected, they risk becoming victims of identity theft or loss of personal information via spyware and keyloggers.

Viruses Today, email remains one of the primary ways of delivering viruses. According to the release, recent surveys suggest that 27 percent of users fail to keep their antivirus signatures up to date, which may, in any case, be unable to stop the new generation of viruses with polymorphic properties.

Botnets The privately held security firm estimates that 15 to 20 percent of all school and university computers connected to the Internet are part of a botnet. As part of a botnet, school and university systems can be used in a variety of unknown exploits, including spam delivery, denial of service attacks, click-fraud, identity theft, and more.

Phishing scams continue to get more advanced and selective, with students being specifically targeted. WatchGuard claims that phishing attacks via social networks achieve a success rate of over 70 percent.

Hacking In a recent survey of education IT professionals, 23 percent ranked student hackers as one of their greatest threats to network security.

Access Control Usage of mobile devices and wireless access to education IT resources continues to plague network administrators. As the use of mobile devices escalates, schools will face increasing challenges in managing authorized network access, according to the security vendor.

WatchGuard Technologies provides a variety of Internet security software and hardware products, including firewalls, virtual private network (VPN) appliances, and anti-virus applications under the XTM, XCS, and e-Series brands.


 


DRP’s Must Include Social Media Threats

Domino’s Pizza is the latest firm to realize that social media has the reach and speed to turn tiny incidents into marketing crises. Domino’s Vice President of Communications Tim McIntyre told AdAge.com: “Any idiot with a webcam and an internet connection can attempt to undo all that’s right about the brand” in reaction to several videos posted on YouTube (and now elsewhere) on Monday (04-13-09) by two Domino’s Pizza employees in North Carolina which showed them allegedly tampering with food to be served to customers.

On Tuesday (04-14-09), the Domino’s franchise owner brought in the local health department, which advised him to discard all open containers of food, which cost hundreds of dollars, and fired the employees. They were identified as Kristy Lynn Hammonds, 31, of Taylorsville, N.C., who was convicted of sexual battery last June and was convicted of possession of stolen goods and damaging a vending machine in 1995, according to media reports, and Michael Anthony Setzer, 32, of Conover, N.C. They are each charged with felony distributing prohibited foods. Setzer was released from the Catawba County jail on $7,500 bond, while Hammonds remained in custody.

Domino’s McIntyre said, “We’re re-examining all of our hiring practices to make sure that people like this don’t make it into our stores.” McIntyre continues, “We got blindsided by two idiots with a video camera and an awful idea.”

In just a few days, Ann Arbor, MI-based Domino’s reputation was damaged. The perception of its quality among consumers went from positive to negative since Monday (04-13-09), according to the research firm YouGov. “It’s graphic enough in the video, and it’s created enough of a stir, that it gives people a little bit of pause,” said Ted Marzilli, global managing director for YouGov’s BrandIndex in an NYT article.

The company considers each viewing of the video to be damaging to the Domino’s Pizza brand, McIntyre said. “We are absolutely 100 percent going after these people,” McIntyre said. “Our brand is far too valuable to let these guys try to ruin it all in the guise of a hoax.”

rb-

This incident is further proof that companies cannot afford to ignore social media. The Domino’s incident proves that responding to social-media incidents has to be added to disaster recovery plans. Firms need to pay close attention to what is being said about them online. In this case, Domino’s only found out about the videos because a blogger told them, according to the New York Times.

Firms need to add situations including negative stories that appear in social media to their DRP’s. The benefit of a DRP is that a plan of action is in place. During a social-media crisis, there is no time to figure out the technology. Domino’s response was not to respond aggressively, hoping the controversy would quiet down. “What we missed was the perpetual mushroom effect of viral sensations,” McIntyre said. It is reported that the Domino’s videos were viewed more than 1 million times on YouTube, references to it were in five of the 12 results on the first page of Google search for “Dominos,” and discussions about Domino’s had spread throughout Twitter before they were taken down by the poster.

In the heat of a crisis, there is little time to open accounts on YouTube, Twitter, or the Web 2.0 du jour, get up to speed on how to use the technology, and formulate the response to the problem while that problem is unfolding.

Firms that are not involved in social media should set up a web 2.0 presence for a defensive position. Firms can use their existing online channel to immediately get their message out to interested readers. The firm’s larger follow-up response should match the offending social-media vector, be it Twitter or YouTube.

Like other elements of the firm’s disaster recovery plan, firms should stage a mock social-media crisis and figure out what to do if an employee or a customer posts harmful social-media information online.

Of course, all good security policies and DRP’s need strong enforceable policies. The DRP should describe how to respond. In this case, the company “decided not to respond aggressively, hoping the controversy would quiet down.” “What we missed was the perpetual mushroom effect of viral sensations,” Domino’s official, Tim McIntyre, told the Times. Before a crisis strikes, firms must develop a company policy that explains the impact of social media and outlines what employees can and cannot do on social media sites when they are identifiable as members of your value-chain.

 
