Archive for the ‘Security’ Category

SMX Advanced – Day 1 Recap

I was lucky enough to be up in Seattle yesterday to sit in on the sessions at SMX Advanced.   SMX stands for Search Marketing Expo and SMX Advanced is one in a series of a half dozen conferences run around the world each year.  Each of these conferences is dedicated to Search Marketing. 

My favorite session of the morning was “Twitter Tactics and Search Marketing”. There were several presenters, including Michael Gray, President, Atlas Web Service and Joanna Lord, Co-Founder & CMO, TheOnlineBeat.  

Michael was my favorite presenter of the show.  His presentation was fast paced and insightful – very difficult to put into words. He started his presentation with “There is no right or wrong way to use Twitter.  You need to determine what works for you”, which set a very down-to-Earth tone. Michael listed off what seemed like a thousand tools and tactics for twitter, but my favorite soundbite of his presentation is that “the re-tweet is Twitter gold“.  He suggested that you RT (re-tweet) the most self-serving tweets of people you want to notice you.  

Although Michael was a hard act to follow, Joanna definitely held her own.  She offered great advice with regards to Twitter use and security. She suggested the following: 

  • RESEARCH an application/tool BEFORE giving them your PASSWORD 
  • Read.The.Link.Before.You.Push!!! (reference to the use of URL shorteners and re-tweeting links)

My favorite afternoon session talked about Search Engine Rank Factors (SERFs) in 2009 and had heavyweight presenters Rand Fishkin, CEO of SEOmoz, Laura Lippay, Dir. Technical Marketing at Yahoo, and Marty Weintraub, President of aimClear. What I took away from the session was that Search Engine Optimization (SEO) is more than meta tags, inbound links, keyword density, etc.  It is about being viral, creating buzz, and creating a great product. Laura suggested asking yourself “What is it going to take to outrank our top competitor?”  Simple, yet profound.  I don’t think many people ask themselves this question. I think fewer people are disciplined enough to follow through with the actions needed to become #1.    

Besides the great educational sessions, there was an excellent vendor in conjunction with the conference.  All the large players were there such as Google, Microsoft, Facebook, and SEOmoz.  Microsoft had the most interesting booth promoting their new “Bing” search engine. I particularly liked that you could use an XBox 360 controller to control maps provided by Bing.  The best swag was provided by SEOmoz, who gave away cans of “Link Juice”.  The LinkJuice reminded me of the case of Brawndo that I bought off the Internet before Christmas (a reference to the movie Idiocracy, if you haven’t seen it). 

Unfortunately, I had to leave the conference before the evening keynote on Day 1 due to client commitments.  It looked like there were some great Day 2 sessions as well as vendor sponsored parties.  I am definitely going to keep Search Marketing Expo events on my radar over the coming year.

Advertisements

Wireless Security – Super Tuesday Poll

Related Posts:

Copycat Twitter Worm?

I originally wrote this piece as a guest post for An Information Security Place. However, I wanted to re-post at WiFiJedi.com FRIDAY 4/17 Update: Apparently the behavior described below is tied to a buggy Pidgin plugin. I haven’t been able to confirm that 100%, but thought I should deliver the latest & greatest…

—————————————————————————————–

As most of you know, Twitter was hit with a series of worms this past weekend. They were created by 17 year old, Mikey Mooney, creator of the website StalkDaily.com (don’t visit the site). The original worm seemed fairly innocuous, with messages that were created to drive traffic to the StalkDaily website.

I wrote a Computerworld blog post, where I detailed the original attack as well as provided a list of security recommendations. In that post, I commented that Twitter users should be on the lookout for modified worms, especially as additional details of the original attack come to light.

After Twitter patched the original cross site scripting (XSS) flaw, which exploited the “link” field in a user profile, another variant of the worm appeared. This time, the worm exploited the “color” setting of the user profile. Modifying the worm highlighted that the XSS vulnerability was not limited to a single field and that Twitter would have to institute a comprehensive patch, not a band-aid solution.

The variant of the worm automatically generated tweets with the term “mikeyy”. These were sarcasitic in nature and seemed to be tounge-in-cheek. Examples include:

  • Mikeyy I am done…
  • Mikeyy is done…
  • Twitter please fix this, regards Mikeyy

The general consensus today is that the “StalkDaily” and “Mikeyy” worms have been adequately addressed. However, I am not fully convinced. Four days after the original worm, I am still seeing suspicious behavior. A colleague of mine has a Twitter account that automatically started generating tweets saying “I am not here right now.”

Using a third party iPhone application, TweetStack, I am conducting periodic searches on the string “I am not here right now.” I found that this is not nearly as wide spread as the “StalkDaily” Twitter worm, but has affected at least a couple dozen accounts.

While this could be yet another variant of worm created by Mikey Mooney, my suspicion is that this is a copycat worm created by another party (most likely a Scriptkiddie).

Are YOU still seeing anomalous behavior on Twitter? I would love to hear about it! Please comment below as well as notify the Internet Storm Center if you see anything noteworthy.

Twitter Worm Blog Post on Computerworld

computerworldI have started blogging for Computerworld.  I am serving up content for their Mobile & Wireless space.  

I wrote a post over the  weekend detailing two variants of a Twitter worm – one advertising StalkDaily.com (don’t visit the site) and another highlighting the 17 year old behind the website who goes by the name of “mikeyy”.  

My post details how the worm spreads, as well as provides specific security recommendations.  You can read the post in its entirety at: 

http://blogs.computerworld.com/twitter_worm_still_on_the_loose

I am also excited because I have my first Computerworld comment.  I really enjoy the community aspect of blogging, so feel free to leave comments here at WiFiJedi.com or at Computerworld anytime !

Advertisements