January 14th, 2009

Twitter, I'm cheating on you with Facebook

Posted by Jennifer Leggio @ 10:31 am

Categories: Branding, Facebook, FriendFeed, Life Streaming, LinkedIn, Microblogging, Personal Branding, Public Relations, Social Business, Social Media, Social Networks, Twitter

Tags: Facebook, Twitter, FriendFeed, Networking, Jennifer Leggio

I truly love Twitter. It brings me a great amount of joy, information and entertainment. Yet, what I’ve realized recently is that I am no longer in love with Twitter. This first hit me last week when Twitter once again suffered some stability issues under the weight of MacWorld and CES. I was disappointed. I thought we were over this. So I turned to FriendFeed in a moment of need, yet felt guilty for treating the lifestream as a “back-burner boyfriend.” Not to mention, FriendFeed is a little high maintenance — you need to really have time to manage that community to get the most out of it.

Lost, I tooled around the Internet. Then I remembered my old friend Facebook. We were quite close once but then it got that nasty makeover I hated. Eventually, however, I learned to love it’s new look, recognizing that it was functionality that would always win my heart over aesthetics. I played with the new wall — and made it into a lifestream importing my YouTube, del.icio.us, Digg, etc., accounts. I created a tab for my FriendFeed stream to complement that. I installed Facebook mobile on my BlackBerry. I began updating my status messages more frequently and saw that, lo and behold, I could essentially microblog via my status message — and I could feed those messages into FriendFeed.

It became so crazy and mixed up, my head was spinning. I knew it was wrong but I loved it.  I was able to microblog and have threaded conversations with my permissions-based trusted network in an environment in which they cannot get overwhelmed (unlike Twitter) due to the random sorting / smart updates of the Facebook main news feed.

This may not work for everyone. I do not discriminate against who I add to my Facebook. I do, however, have different privacy groups for folks who are closer friends versus coworkers versus people I’m just getting to know online. I still find that the communities of FriendFeed and Twitter are impeccable — and you can’t beat them for open crowdsourcing. Yet, with Facebook I’m able to crowdsource my trusted network. It’s almost as if I am using Twitter, and FriendFeed to some degree to get to know people on a more topical level and then bring them into the more personal side of me on Facebook. At the time I open up more — and also am able to better engage with them or their companies if I have a chance to interact in a more trusted manner.

Robert Scoble recently said that he doesn’t use Google Reader anymore; he reads his friends via FriendFeed. Surprisingly enough, I’m with him on the notion that the trusted network of referred content is the best way to go. That’s how I’ve always used Twitter, that’s how I’m using FriendFeed, and Facebook takes what those two sites are doing for me and multiplies it by 10. And, quite frankly, Facebook has served me well as a powerful professional networking tool, too (sorry, LinkedIn).

I am not going to leave Twitter just yet. I’m comfortable, not complacent. My network is amazing and interesting and insightful. However I will be working to bring them into my Facebook fold. I say the same for my FriendFeed pals. I’m still not sure that Facebook is the one for me so I can’t jump ship just yet. Perhaps I am waiting for that one perfect social aggregator that out-functions them all.

You can find me and Facebook loving it up here.

Big thanks to Rhonda Hitchcock for the illustration (which can be clicked to enlarge)!

December 29th, 2008

FriendFeed, Twitter address URL redirection risks; Facebook, LinkedIn, MySpace lag behind

Posted by Jennifer Leggio @ 9:29 am

Categories: Facebook, FriendFeed, LinkedIn, Microblogging, MySpace, Security, Social Business Analysis, Social Media, Social Media Best Practices, Social Media and Security, Social Networks, Twitter

Tags: Facebook, LinkedIn, Twitter, MySpace, FriendFeed, Phishing, Social Networking, Cyberthreats, Security, Viruses And Worms

When I compiled my crowdsourced 2009 predictions earlier this month, several people shared with me the same forethought: URL redirection leveraged by phishers could create a bottoming out of sorts for Twitter. The concern is that masked URLs could lead to stolen data or drive-by-malware, making it too late for the poor user who clicks the link once he or she figure out what happened.

I’m uncertain as to why users are concerned about this threat more in 2009 than they were in 2008, nor am I certain why Twitter is getting singled out. I imagine part of it is because Twitter is starting to go more mainstream and early adopters of social networks tend to be more tech and security savvy than the general user. Regardless, social networks are starting to take this apparent threat more seriously with FriendFeed the furthest ahead, recently introducing a lauded security feature — scrollover for redirected URLs. Now FriendFeed users can preview the URL they are about to click to gauge for themselves any apparent risk.

When I spoke with Twitter co-founder Biz Stone in June he told me, that the social network was concerned about URL redirection and was “looking into other ways to display shared links, for example noting whether a link goes to a picture or a video or some other media element.” A month later, Twitter acquired Summize and turned it into Twitter Search, which now does, in fact, include a URL expansion option in its “search results” page. However, there is nothing yet on the Twitter Web site itself nor is there a way to mandate URL expansion through the many Twitter clients. I briefly caught up with Stone again yesterday, who told me that plans for increased security continues to be a work in progress.

“You can expect us to provide a better experience on the home page as well but I don’t have an exact deploy date for you right now,” he said.

But how much do these security features help with URL redirection anyway?

“The scrollover is only useful for users who are Internet savvy enough to recognize what may be a potentially malicious Web page from the URL itself,” said Adam J. O’Donnell, Ph.D., director of emerging technology for Cloudmark and ZDNet security blogger.  ” If you look at it another way, providing scrollover URL reveals hasn’t stopped phishing.”

Web developer and computer programmer Shannon Whitley notes that Twitter pushing out more URL redirection security features might be incredibly complicated from a technology perspective, and somewhat fruitless in the long run.

Next: What about other social networks? –>

December 26th, 2008

Mitigating the collision course of social networks

Posted by Jennifer Leggio @ 10:05 am

Categories: Career Development, Facebook, FriendFeed, LinkedIn, Personal Branding, Reputation and Privacy, Social Business, Social Media, Social Media Best Practices, Social Networks, Twitter

Tags: Nickname, Network, Picture, Social Networking, Internet, Online Communications, Marketing, Advertising & Promotion, Jennifer Leggio

* Jennifer Leggio is on vacation

Guest editorial by Michael Gaines

Do you remember Venn diagrams from high school math? Those are the overlapping circles which represent where two groups intersect. Social media circles have started to intersect as well, and keeping them apart may not be as easy as it seems.

If you’re wondering why you may want to keep your social circles separate, consider this scenario: you had a great Saturday night with your friends, maybe drinking, and someone might have put some rather awkward pictures of you on their Facebook account without you knowing. By tagging the pictures with your name, your boss could find this picture on Monday morning. There have been an increasing number of reports of people not getting jobs because of what potential employers find on social networking sites, and at least one person I know personally has been spoken to about what they’ve posted on their Flickr account. It’s become quite difficult to be yourself on the Internet. Who you are outside work might not be who you are at work. If you already have a job where they know you well it may not be an issue, but if you’re looking for a job, drunken pictures of you may not be the best thing to have floating around on the Internet.

Your workplace may not even be the only group you want to keep separate from your social network. It’s possible you may want to prevent people you know personally from seeing that you’re a hardcore gamer. Some people might not want to see messages of what your level progression in your latest gaming addiction is. This social networking “noise” could be another potential reason from separating your circles. People may follow you on FriendFeed or Twitter for some reason, only to see over time that some of the things you write about may become less interesting to them. I’ve personally had people unfollow me because either the gaming friends don’t like hearing about social networking or vice versa.

Next: How to keep the worlds from colliding –>

November 21st, 2008

Pop-up ads on LinkedIn? How very MySpace

Posted by Jennifer Leggio @ 8:29 am

Categories: Corporate Social Networking, Facebook, LinkedIn, Marketing, MySpace, Social Business, Social Media, Social Networks

Tags: Pop-up Ad, LinkedIn, MySpace, Jennifer Leggio

I wrote the other day that I’ve always felt that Spoke was the “poor-man’s LinkedIn.” When LinkedIn introduced it’s applications and other more social features, I joked behind the scenes that it was becoming Facebook-esque. Now I’m wondering if LinkedIn is trying to become the “rich man’s MySpace.”

Don’t get me wrong. I know times are tough for LinkedIn, because even with its cash injection earlier this year, the company is still facing an imminent layoff of 10 percent of its workforce. I don’t think, however, that surprising its professional networkers with pop-up ads from retail outlets is the way to go.

The background: On Nov. 3 the social business site launched a promotion with Banana Republic in which its users could win a $1,000 shopping spree and a profile makeover. Each time a user updates his or her profile he or she could get a 25 percent Banana Republic discount and a chance to win the prizes. Not a bad promotion.

I first noticed it as a little ad on my profile when I made an update, which was fine enough. Then I updated my LinkedIn profile picture and upon saving my changes I got a pop-up. In fairness to LinkedIn, it was very nicely designed and didn’t have any glittering clip art on it, but it was a pop-up nonetheless. It truly shocked me. Why the need for a pop-up? Aren’t the in-profile ads enough?

Here’s a screen shot (click to enlarge):

For a moment I thought I might be overreacting. If it was a big deal, wouldn’t I have read about this somewhere else by now? I am a little hypersensitive to pop-ups (and still surprised this surpassed my pop-up blocker). But more than that, I don’t agree that a pop-up approach is going to endear professionals to the site. Sure, they might participate in the promotion but keep doing this and over time LinkedIn becomes the place to go to win cool prizes instead of a place to network. Or, if you’re laid off, LinkedIn merely rubs salt in wounds.

I did a little bit of early-morning crowdsourcing and didn’t find one person who told me it wasn’t a big deal. The following four replies are good indicators (once again, click to enlarge)l:

Not so good, LinkedIn. Not so good.

What do you think of the LinkedIn pop-up ads?

Thanks to Whitney Drake, Pam O’Neal and Kyle Roussel for sending me the LinkedIn screen shots. I was too surprised to capture it myself.

November 12th, 2008

Spoke resorts to fear tactics, loses credibility

Posted by Jennifer Leggio @ 9:49 am

Categories: Branding, Career Development, Corporate Social Networking, LinkedIn, Marketing, Reputation and Privacy, Snake Oil, Social Business, Social Media, Social Media Best Practices, Social Media Economy, Social Networks

Tags: Web 2.0, Social Networking, Networking, Internet, Online Communications, Marketing, Advertising & Promotion, Jennifer Leggio, Job, E-mail

Let’s face it, times are tough. People are pinching pennies due to the fear of potentially looming layoffs. Certain industries and governments are facing economic crisis. Pensions are potentially in danger. Folks who want to retire may need to hold off. It ain’t pretty.

Given the current state of things, companies and individuals alike are looking for ways to cut costs and try to attain sustainability. Regardless of how strong our companies may be, we’re all a little bit scared. That’s why I find it even more shameful when a company tries to blatantly exploit those fears and vulnerabilities.

Case in point: Yesterday I received an email from Spoke, a business connection engine (or as I sometimes refer to it, a “poor man’s LinkedIn“). I’ve never given the site much thought — I can’t even recall if I ever created a profile. So why is Spoke on my radar now? I’ll tell you. The subject of the email was:

“If you want to keep your job, use Spoke”

Insert record screeching noise here. It certainly got my attention. It didn’t get my attention in the “Oh, YES, finally a solution to ensure I keep my job!” way. It caught my attention in a “You’ve got to be kidding me?” kind of way.

Read the full email (click to enlarge):

I did my research to ensure it wasn’t some phishing attempt or a spam email. It was a legitimate email from Spoke (sent through Eloqua) trying to get me to use the site. The copy of the email itself wasn’t bad. It was the humongous thud of FUD (fear, uncertainty, doubt) that made me — and many others with whom I’ve spoken about the email — lose a bit of respect for the company.

Other companies, especially Web 2.0 and social networking companies, can learn a valuable lesson from Spoke’s antics. Resorting to fear marketing during the downturn is dangerous. Customer education and outreach is still critical, and by all means we have to try to grow our businesses. But in Spoke’s case, its approach merely showed me that it does not understand the needs of the individual who is scared to lose his or her job. It did not give me comfort that it might have a networking solution for me should I need one. And it certainly did not make me want to recommend it to my friends or business partners.

September 24th, 2008

'Inside Web 2.0' – A Newbie’s View

Posted by Jennifer Leggio @ 9:38 am

Categories: Blogging Best Practices, LinkedIn, Marketing, Microblogging, Public Relations, Social Media Best Practices, Social Networks, Twitter

Tags: Web, Facebook, Advertisement, Social Media, Maeve Naughton, Web 2.0, Channel Management, Internet, Marketing, Jennifer Leggio

Guest editorial by Maeve Naughton

Last night I attended “Inside Web 2.0 - Learn how to succeed in the Web 2.0 economy,” a program presented by the Commonwealth Club of Silicon Valley and the Yale Club of Silicon Valley. The promo materials mentioned that the panelists — Michel Veys, COO, Jajah, Josh Elman, program platform manager, Facebook, Seth Sternberg, CEO and co-founder, Meebo, and Christa Quarles, managing director, Thomas Weisel Partners – would discuss how businesses are embracing Web 2.0 and how the media phenomena may or may not be making money.

Moderated by Amy Shuen author of “Web 2.0: A Strategy Guide”, the panel attracted roughly 100 people in the audience and surprisingly the ages ranged from mid thirties to mid forties. One third of the participants worked for Web 2.0 companies, approximately 80 percent use Facebook and 99 percent use LinkedIn. The main difference between the two application uses was age – the older attendees tended not to use Facebook.

As a newbie to social media, I’d hoped to get more out of the evening. I wanted to find out about how social media tools and platforms are transforming non-social media businesses, how different tools can be used for different reasons and some “social media saved the day” examples but I got none of that. The panelists focused more on what their product does and how they generate money. However, each panelist made at least one interesting point:

Next: What are the experts saying, anyway? –>

September 15th, 2008

Social networking enhances career growth -- only if used correctly

Posted by Jennifer Leggio @ 12:27 pm

Categories: Branding, Career Development, Facebook, Life Streaming, LinkedIn, Marketing, Microblogging, Personal Branding, Social Business Analysis, Social Media Best Practices, Social Media and Security, Social Networks, Twitter

Tags: Network, Mike Murray, Mike, Social Networking, Professional Development, Online Communications, Marketing, Advertising & Promotion, Career, Jennifer Leggio

Guest editorial by Mike Murray

As a career coach and speaker, one of the first questions I get from any audience is some form of:

“How should I be using LinkedIn/Facebook/{Insert name of social network here} to enhance my career?”

When Jennifer asked me to comment on this topic for her blog, I was ecstatic to take the chance to get the message out. And, while I can rant about this topic for hours, this is a blog and not an book. So, I’ll keep it somewhat brief:

Social networking sites provide an incredible opportunity to make radical changes in your career. But those changes aren’t necessarily going to be good ones unless you do it right. Ultimately, social networking tools are much like a race car — they help a good driver become a great one, and they help a bad driver become a pile of twisted, smoking metal up against a concrete wall.

The main thing that a social networking site can help you with is the concept of your “personal brand” — that is, the sites can be used as tools to allow you to become known within a target audience of people. Used well, you can turn yourself in to an expert among experts. Used poorly, you can easily turn yourself into that guy with the 55 pictures of himself drunk and passed out on the floor of your college fraternity house. Caveat emptor.

What I’m going to offer today is the top three ways to use social networking tools to enhance your brand and your career.

1. Niche-ify

As I mentioned earlier, social networking tools give you the opportunity to brand yourself — to become known. This means that you have to decide what you’re going to be known FOR.

And, lest you think that you can just drift along, it’s like the sage old Rush song lyric says: “If you choose not to decide, you still have made a choice.”

The first rule in marketing (and, truly, this is a form of marketing yourself) is to choose your niche. Choose what your product (in this case, you) will be known for. Are you going to be the girl who is always there when people need help? The social networking expert? The nuclear physicist who dabbles in playing the piano?

It doesn’t matter what your niche is — you just need to decide what you want to be known for and tailor your online presence to that message.

If you want an example of this, there is none better than my blog hostess today, Jennifer Leggio. If you look at any part of Jennifer’s online presence, it’s clear what her niche in the world is: she’s a social networking guru who works with security geeks.

There’s only one person who has that niche, which is what makes it so special and what makes Jennifer successful. Because anyone who is looking for someone who understands social networking and security will find her easily on any one of the social networks.

You need to do the same thing. Pick a niche that you can become known for, and anybody who is looking for someone to do a job in that niche will naturally find you.

Next: Cool friends = cool you –>

September 10th, 2008

Move over Generations X and Y - Grandma's on MySpace

Posted by Jennifer Leggio @ 10:53 am

Categories: Facebook, Life Streaming, LinkedIn, MySpace, Social Networks

Tags: NPD Group Inc., Baby Boomer, Entertainment, MySpace, Social Networking, Advertising & Promotion, Online Communications, Marketing, Jennifer Leggio

Don’t be surprised if Grandma sends you a Facebook gift for Christmas this year instead of a package of socks.

The NPD Group, a market research firm, reported yesterday that its “Entertainment Trends in America” report shows that in the U.S., 41 percent of baby boomer Internet users (age 44 to 61) surveyed are spending time on social networks such as LinkedIn, MySpace and Facebook.

The survey data, which was based on a sample of more than 11,000 consumers, also showed that 61 percent of these baby boomers are using streaming or downloadable video sites, as well.

“There’s an ongoing misperception that certain Web activities are the exclusive domain of young people,” said Russ Crupnick, entertainment industry analyst for The NPD Group, in the research firm’s report. “That misperception could cost the entertainment industry, in terms of lost opportunities to target valuable consumers.”

As social networks continue to grow and get more mainstream airtime — my 58-year-old mother was just talking about CNN’s Twitter feed — it makes sense that more and more baby boomers would get on board.

The NPD Group also makes the case that advertisers, which often market to those 40 and below on social networking sites, should consider that much of the online buying power remains with the baby boomer generation.

Thanks to That T-Shirt Site for the artwork 

August 28th, 2008

Community managers akin to 'Internet police'

Posted by Jennifer Leggio @ 11:09 am

Categories: Branding, Corporate Social Networking, Facebook, FriendFeed, Life Streaming, LinkedIn, Marketing, Microblogging, Public Relations, Reputation and Privacy, Social Media, Social Media Best Practices, Social Networks, Twitter

Tags: Twitter, Community Manager, Internet, RSS, Blogging, Team Management, Benefits, Management, Human Resources, Jennifer Leggio

I’m not a community manager — officially. But I am the resident social media nerd who spends far too many hours in front of the laptop reading FriendFeed and watching Twitter and posting on my friends’ Facebook walls. While some folks might claim this is a time waster I have found the benefits of being a cyber slacker far outweigh the downfalls. And this benefit extends to my company.

Earlier today I was reading my Twitter feed and minding everyone else’s business when I spotted a tweet from one of my microblogging pals who had a question about one of my company’s products. It wasn’t necessarily negative but it wasn’t a discussion I wanted to have in public. I immediately swooped in, started a conversation in private and contacted the appropriate parties on my internal team. Both my Twitter pal and my internal teams found this to be very helpful.

I told a teammate, “I feel like the Internet police.” In some ways, at least for myself and my company, I am:

• I have RSS feeds set up through Twitter Search for me and for my company and its products.
• I go beyond Google alerts and do my own manual digging on multiple social networks.
• I read competitor blogs and blog comments religiously.
• If there’s something negative, I engage.
• If there’s something positive, I engage.
• I don’t try to control the message or conversation. I merely try to participate so that people know we are listening. Every time I do, whether its an upset partner or a frustrated blogger or a happy customer, they seem to appreciate the fact that I am listening.

More fodder for the “marketing should stop trying to control the message” file. Community managers are critical for protecting a company’s reputation online and for knowing how to embrace those conversations happening about the company. Don’t control. Don’t manipulate. Join the conversation — and you’ll be surprised at how liberating and beneficial it is across the board.

August 25th, 2008

The ugly truth: Satan, social networks and security

Posted by Jennifer Leggio @ 7:02 am

Categories: Facebook, LinkedIn, Microblogging, MySpace, Reputation and Privacy, Security, Social Business Analysis, Social Media, Social Media Best Practices, Social Media and Security, Social Networks

Tags: Social Networking, Black Hat, Network, App, MySpace, SocNets, SocNet, Security, Jennifer Leggio

* Jennifer Leggio is on vacation

Guest editorial by Shawn Moyer and Nathan Hamiel, who presented “Satan is on my Friends List: Attacking Social Networks” at BlackHat and Defcon earlier this month.

Ultimately, we blame Jeff Moss for all of this. Earlier this year, the founder of Black Hat and Defcon asked the security community to join the Black Hat and Defcon LinkedIn groups. To our own occasional chagrin, we’re both very active users of social networks (hereafter SocNets, easier to type and we’re not being paid by the word), so we found ourselves compelled to join but also a bit skeptical. Would a bunch of paranoid-by-nature and paranoid-by-profession hackers and security professionals fly the SocNet flag and buddy up? No way, right?

Well, both groups have just under 2,000 members at this point, so it looks like the answer is a resounding yes. If a pretty broad sample of InfoSec folks are using SocNets, it seems to stand to reason that things must be improving on the SocNet security front now, right? We couldn’t really say for sure. We both had a gut feeling, but wanted to have a better idea of how bad (or, yes, even how good) things really were.

A few months later, at Black Hat and Defcon were pretty flummoxed by the response to what ultimately was a silly talk about privilege escalation on Adult Friend Finder, performing the MySpace equivalent of K-Lining, and using social engineering to poke some fun at journalists and the security blogosphere.

Still, as SocNets and social media become more and more a part of our daily lives, and as the race to go to market and to gain marketshare continues, we think SocNet security will continue to become a larger problem, and recent activity seems to show that the appeal of a large and active userbase as a target for the malware industry is hard to ignore.

Further down the rabbit hole, in which we find some ugly things
So, rewinding a few months back… Talk submitted to Defcon and Black Hat, check. Nathan and Shawn working on projects in the same city for a couple of months, check. Cider and box wine acquired, check. We fired up our interception proxies, passive audit tools, a few other toys, cranked up “Waiting Room”, and prepared to sequester ourselves a few nights a week for a couple of months, to see what things looked like across the board.

We found our first exploitable bug in around a half hour, on the first SocNet we looked at. This became something of a theme, and we found ourselves pretty disappointed each night if the booze ran out (or it got too late) before we found something troubling, or at least interesting. We both do Web app security testing, mostly for larger ecommerce sites, in our day jobs, and so looking at an architecture as trusting and open as a social network was kind of like playing slow pitch softball over beers in the park after trying to strike out Albert Pujols for nine innings.

The above is certainly not to say that we’re ninjas, security masterminds, or anything of the sort. There are lots of very smart people (none of which are us) looking at Web application security. What we found, though, is that attacking someone via a SocNet, or at least via a lot of the SocNets we looked at, often didn’t require Javascript filter ninjitsu, multi-stage payloads, or even, at least in our case, a modicum of sobriety. Did we mention we’d been drinking?

Ugly things enumerated: SocNet apps
For those taking notes, here’s the simplest way to get arbitrary code execution in the browsers of millions of users (no exaggeration — the top SocNet applications on Facebook and MySpace have 21 million and 8 million users, respectively) suitable for BotNet propagation, phishing, pharming, click fraud, DoSing, a fully meshed global RickRolling spam farm, or some other purpose so nefarious we couldn’t imagine it ourselves, despite considerable effort and numerous demonic incantations.

Just ask for permission.

Specifically, go through the trivial process of signing up to be a SocNet App developer. On Facebook permission to publish an app means having five friends, on MySpace it means filling out an application form (ours claimed we were working on a messaging system using the “unbreakable ROT13 encryption algorithm”), and providing a few easily-forged bits of personal information. Signing up to develop apps on SocNets is a shockingly trivial process, and results in being given the keys to Dad’s car and the liquor cabinet to boot, as it were.

Next: Ugly things won’t improve anytime soon –>