Category: Social Media and Security
October 27th, 2009
2010 Predictions: Will social media reach ubiquity?
The year 2009 has been a pivotal one in social media. We’ve seen the explosion of a previously misunderstood social network as well as the rampant adoption of social media by major brands. We’ve seen these companies take big chances, some ending in success and others ending with harsh lessons learned. It seems that almost everyone’s brother, sister, mother and grandfather are now on Facebook, and that social media itself is a bubble baby no more. At the same time, it’s important to note that both business users and consumers have barely scratched the surface of opportunity that the tools and strategies around social media can provide.
In order to achieve continued success, many things have to happen. Cracks in the echo chamber, widespread communication of proven successes, and best practices for return on investment (ROI) are just a few. And as companies embark on their 2010 planning, they are hoping for a glimpse of what is to come.
Rather than create a wish list, I followed Peter Kim’s model and turned to my network to find out what it believes social media will become in 2010. I asked about 40 people to participate and 31 responded with at least a few words on what might happen next year.
The predictions are meant to be thought-provokers more than gospel, and come from a mix of thought leaders, entrepreneurs, and folks who get their hands dirty every day dealing with social media for their companies. Predictions range from general social media to enterprise 2.0, government 2.0, security, public relations and even location-aware social networks. But the over-arching theme of most of the predictions is that 2010 is the year that social media will just be, rather than serving as a shiny new toy.
Without further ado, here are the 2010 social media predictions.
October 13th, 2009
Twitter starts to get serious about spammers
Today Twitter announced a new way for its users to alert the service to spammers: a “report [user name] for spam” link next to the “message” and “block” links in the right column. This appears to be Twitter’s latest attempt at controlling the rampant abuse that spammers bring to the site, and a replacement for its existing reporting feature, the @spam account.
In a blog post, the folks at Twitter write:
Click the “Report as spam” button under the Actions section of a profile’s sidebar and our Trust and Safety team will check it out to see what needs to be done. No automated action will be taken as a result of reporting a user as spam (in other words, it can’t be used to incite an angry mob against an account you don’t like.) And once you report a profile it will automatically be blocked from following or replying to you.
This is a decent attempt by Twitter to give users more control in reporting spammers, as its previous @spam reporting method was often a one-way conversation. The instructions on the spam account currently say to DM the account to report spam, yet the account is following only roughly 30K of the 100K+ users following it. And while many users would report to @spam through public messages, there was no way to know if Twitter was listening.
However, regardless of how good the spam reporting is, Twitter still needs to get more serious about what it’s doing to stop spammers and bots in the first place. The battle currently seems to be led by the spammers.
“This will definitely help those with protected accounts since we didn’t have any way to report spam before. Since @spam didn’t follow us, it couldn’t ‘hear’ us,” said Kevin Riggins, senior information security analyst, Principal Financial Group. “Whether it is any more effective at actually having an impact on spam is an entirely different topic and I think it is going to take more mature automated processes to help with that.”
September 28th, 2009
SocialToo gives social networkers a false sense of security
Last week social network “companion” SocialToo announced that it had created an “automatic antivirus solution” for Twitter. I saw it retweeted multiple times, with apparent user excitement. I was terrified. Why? For one, it’s not an antivirus solution.
The SocialToo “antivirus solution” promises to act as a middle man between Twitter and your inbox for direct message (DM) delivery. Users log into SocialToo and select “Send SocialToo DM Emails,” and then a user’s DMs are re-routed to SocialToo rather than emails going directly to the user. The SocialToo service then promises to pass through to your inbox only the alerts that are presumably safe.
I talked to my friend Tom Eston, security researcher from SocialMediaSecurity.com, about this service and we agreed that a few things about it are alarming:
1. Again, this is not an antivirus product by any stretch of the imagination. It will not prevent malware (malicious files) from being installed on your computer like a traditional anti-virus (signature based) solution. It only applies to DMs.
2. Calling this an “anti-virus” product will give the general social network user a false sense of security. These are not “viruses” being sent via DMs… they are phishing links (or in the case of trending topic spam, links to malware). This might cause users to think that this will protect them from all threats on Twitter just because it’s labeled an “antivirus product”.
3. Even calling this an anti-phishing solution is stretching it. There are possibilities of being phished via retweet spam or links from your friends on their feeds after their accounts are compromised. SocialToo’s service will do nothing to protect against these threats.
September 25th, 2009
Quick'n'Dirty podcast's chaotic no. 16: pay phones, paper clips and oneforty
The sixteenth episode of the Quick’n'Dirty podcast was one of the most exciting ones that we had, thanks to a series of technology failures. Being the pros that we are, of course, Aaron Strout and I rolled with the punches (or, tech failures) and brought together a very fun show, if we do say so ourselves. That was, after I was able to get Aaron on the line with only a minute left to spare at the start of the show. I blamed the switchboard. Aaron mocked me. I still vote it was a tech error, not a user error, but on with the show.
Laura Fitton, founder of freshly launched oneforty, author of “Twitter For Dummies” and owner of Pistachio Consulting was scheduled to be our guest. We knew our time with Laura would be short as she was at LAX waiting for a flight to DFW, but we did not expect iPhone failure when her device decided that it no longer had a SIM card and wouldn’t let her call in. A series of frantic email exchanges ensued as we went along with the show. She raced around the airport trying to find a pay phone. Did Laura make it on? I’m going to keep you in suspense as I highlight what we talked about:
September 23rd, 2009
Newest Twitter phishing attack is not 'rofl'-worthy
Looks like the bad guys are up to it again. Or still. Or again. Twitter is being inundated with warnings about a new phishing attempt that tries to take advantage of, you guessed it - user vanity and sense of humor.
The new attempt, after taking hold of specific user accounts, blasts a series of direct messages (DMs) to trusted, connected users and says something like: “rofl this you on here?” and provides a link to a supposed video site. Sound like our friend Koobface? Sure it does.
Users who receive these DMs should immediately delete them and notify the user who unwittingly sent the DM (don’t alert through DM, but through a public message or email). Users who are notified of a compromise on their accounts should immediately change their passwords and also do a scan of their systems, to ward off any other potential malicious code found on the site they clicked on to get phished in the first place.
August 17th, 2009
Spotting a new breed of Twitter spammers
Over the last month I’ve made some of the best Twitter friends. They mostly live in the UK in cities of which I’d never before heard: MansonCharles, JohnGoogle, TownleyJames, WozniakSteve and JamesSunny.
Wait, those are spammers?
In all seriousness, Twitter spam is getting even more out of control. As a user, sure, a distributed denial of service (DDoS) attack on a site upon which I rely is an inconvenience, but the spammers are what impact us day-to-day. I’ve noticed a few new trends with the newest batch of Twitter spammers:
- Most of them come from cities similarly patterned after my UK “friends” above
- Many are now using pictures of families and children rather than cracked out porn stars
- They start on Friday nights, hammer through on Saturdays and cool down on Sundays
- They are amassing good amounts of followers
Usually a spammer can be spotted from its exceptionally imbalanced ratio of followers to followees. But the new breed of spammers isn’t as easily figured out, at least not by the majority of non-savvy social network users. Using FriendorFollow, I was able to enter the names of some spammers into the analysis tool. I found that whoever is engineering these spam attacks is doing so pretty smartly, by making sure that all of the spammers are first following each other before following victims. This gives gullible users the impression that, sure, these folks may have bad grammar but they seem like real people with a real following.
The content is even a bit more… believable. There’s a lot of talk about traditional Chinese food recipes. There are also what seem to be Twitter tricks and tips being peddled via these spammer feeds. Who knows how many clicks these spammer links are getting before they are pulled down.
August 6th, 2009
After Twitter attack, Facebook investigates potential foul play
Early this morning it was reported that Twitter had experienced a distributed denial of service (DDoS) attack that took the site offline for a few hours (service has since been restored). During that time, rumors floated that Facebook had suffered a similar attack due to slowness in service.
According to a Facebook spokesperson:
Earlier this morning, we encountered issues within our network that resulted in a short period of degraded site experience for some visitors. No user data was at risk and the matter is now resolved for the majority of users. We’re monitoring the situation to ensure that users continue to have the fast and reliable experience they’ve come to expect from Facebook… We are investigating potential foul play at this time.
While it is possible that Facebook encountered an attack of its own (aside from a new Koobface malware run) it is also just possible that the site was overflowing with lost Twitter users who were looking for temporary social networking salvation.
Update: Facebook confirms DDoS attack:
Earlier this morning, Facebook encountered network issues related to an apparent distributed denial-of-service attack, that resulted in degraded service for some users.
August 5th, 2009
Security risks of Web 2.0 tools should not be overlooked by enterprises, individuals
Like it or not, the use of Web 2.0 technology in enterprises is here to stay. Even longstanding enterprise software providers, such as Salesforce.com, have created tools for integrating social networks into the customer support and lead generation process. And you’d be hard-pressed to find a Fortune 500 company that doesn’t, at the very least, have a corporate blog.
Over the last few weeks, two organizations issued study results focusing on the use of social networking within the enterprise. RSA Conference, in its “What Security Issues Are You Currently Facing?” report, surveyed nearly 150 C-level executives and professionals charged with directing, managing and engineering security infrastructures within their respective organizations.
Social networking and security was a consideration; however, it appears that organizations thus far claim to have been minimally impacted by social network threats. According to the survey, 84 percent of respondents allow Twitter and Facebook in the enterprise, but only 3 percent were seriously affected by the recent Facebook and Twitter phishing attacks.
“The fact that only 3 percent of people surveyed said that their companies had been impacted shows how big the problem really is,” said Mike Murray, chief information security officer for Foreground Security. “The problem is that the security technology they have in place doesn’t allow them visibility into the threats. Current technologies are not looking for threats that take advantage of human weakness. It’s like having your hands over your eyes. It’s such a bad problem they can’t even see it.”
In another study, Frost & Sullivan issued its “Web 2.0 Tools: Consumer Technologies Entering the Enterprise World” report. The firm surveyed more than 1,400 Web 2.0 tools users who work full time within a U.S. organization. According to the report, there are many perceived risks of Web 2.0 tools in the enterprise, including fear over confidential information inadvertently being published, allowance of malware onto corporate networks, network bandwidth issues and loss of employee productivity. Respondents ranked social networks as the tool with the largest perceived risk, above blogs, wikis and team spaces. While users saw social networks as presenting the greatest risk, that risk is still perceived as only “moderate.”
The fact that both studies indicate a lukewarm concern toward Web 2.0 tools in the enterprise is alarming, and to Murray’s point shows that those surveyed may not understand the larger problem at hand. Earlier this year Kaspersky Labs issued a report stating that attacks through social networks are 10 times as effective as distributing malware through email. That Web 2.0 tools, including social networks, pose a larger security risk to individuals is a misconception. Any of these types of attacks could present serious ramifications for businesses.
July 22nd, 2009
SecurityBSides 'unconference' takes on Las Vegas during Black Hat, Defcon
Next week in Las Vegas, there’s a new conference in town. “Unconference,” that is. Security BSides will coincide with the popular Black Hat and Defcon conferences, and take place at a location off of the strip. It is a free, two-day event made up of 65 attendees (so far), 15 presenters, and six organizers.
The concept of SecurityBSides resulted from reaction to a number of rejections to the call for papers (CFP) for Black Hat USA 2009. According to the organizers:
A number of quality speakers were rejected, not due to lack of quality but lack of space and time. Any constrained system must operate within the bounds to which it has defined itself. Conferences are constrained to the eight hours a day for however many days they run. Our goal is to provide people with options by removing those barriers and providing more options of speakers, topics, and events.
The idea, according to the event’s mission, is not to compete with Black Hat and Defcon, but to complement them with an additional roster of speakers. It was launched in the same fashion as the popular Barcamp series, which expands expertise and speakers to new audiences, with the philosophy behind Noisebridge and other hacker spaces, which promote “doing” in addition to talking. While the first event will happen in conjunction with Black Hat and Defcon, the goal is to make SecurityBSides a global community coinciding with multiple events worldwide.
In true unconference fashion, SecurityBSides is largely relying on community input to determine final topics. Presenters add their proposed talks to the speaker list and participants vote on what they want to hear via Twitter. Those talks that garner the most conversation get added to the agenda.
While the event is technically “invite-only” anyone can add themselves to the invite list up until the day of the event. There’s already a pretty solid list of panelists on the roster, including Luis Corrons, H.D. Moore, Jennifer Jabbusch, David Rook and Val Smith.
The event is still open to individual and corporate sponsors. Details on the voting, panels, attendees and so on can be found on the Web site or on the Twitter feed.
June 3rd, 2009
On Twitter: Difference between spam and noise
Last week at 140 | Twitter Conference I attended a panel on Twitter strategies and real-world case studies. Overall it was a solid panel with some talented speakers (Jeff Pester, Bryan Rhoads, Warren Whitlock, etc). Unfortunately, amid the good stuff, there was one not-so-little thing that made me twitch: the overuse of the term “spam” on Twitter.
A lot of audience members were asking about “Twitter spam” and the panelists were supporting the very loose use of the word spam. I was sitting with a person who works in social media for a large security company and I leaned in and said, “Is it me or is that not spam?” He agreed. Just because someone or a company is chatty on Twitter doesn’t mean that he or she is a spammer… or spamming you. Sure, companies can often over-market and that’s a huge mistake, but they are not spamming you if you have opted in to follow them.
Let’s start with a visual demonstration. This is spam:
I don’t follow this company. I have no idea what I said to make this person think I wear hats with flowers on them (I look nothing like Mayim Bialik) but they decided to send me two unsolicited @ messages suggesting ways I can make that happen (never going to happen). I was annoyed. I responded promptly and said “Please stop spamming me.” The message was unsolicited. I have no interest in this company’s business and I don’t follow it. And I am certainly not going to start. I have received similar messages when I have mentioned hotels, airlines, shampoo, make-up, etc. All unsolicited and rarely useful.
Jennifer Leggio, aka "Mediaphyter," writes about the "social business" side of social media - including enterprise, security and reputation issues. See her full profile and disclosure of her industry affiliations.