Archive for the ‘Social Media’ Category

Twitter Power – Book Review

This should be considered the “how-to Twitter bible” for beginners and experts alike. For beginners, the book talks about how to use the technology for many different purposes including advertising, selling, customer service, etc.

For advanced users, the book discusses third-party tools, Twitter application development, and legal concerns.

Personally, the section I enjoyed the most was how to use Twitter to build and maintain a personal brand.

Joel writes in a very friendly, informal way which puts the reader at ease and enables them to digest the material at a rapid pace. Don’t let that fool you though – there are plenty of examples, case studies, and hyperlinks throughout the book.

The book ends with a 30 day action plan for how to get maximum value from using Twitter. It has specific steps to accomplish each day.

Purchasing the book also includes a free “ticket” to Joel’s online 4-week social media workshop. I found out about this feature watching Joel’s video preview of the book on Amazon. It was one of the deciding factors to purchase this versus another Twitter title. However, when the book arrived, I got so caught up in reading it, I haven’t registered for the online workshop yet. I guess that is the ultimate testimonial for how engrossing the book is…

Related Posts:

Advertisements

What Every IT Professional Should Know About 802.11n

CWdot11nPostAre you one of the thousands of people who already read, “What every IT professional needs to know about 802.11n”?  If so, thanks for reading!   

Please feel free to comment, either here at WiFiJedi.com or on the actual Computerworld post.   

I also recently found out that someone submitted the story to Reddit.com (thank you to “Geek” for picking up the story).  

I have to admit that I am still learning about the social bookmarking sites such as Digg, Reddit, and Delicious.  However, I always appreciate the additional exposure, so please consider adding any of my stories that you think are worthy.  I also love the comments that come back from getting listed on a social bookmark system.  They help me focus on what’s most helpful for you, the reader.  

Stay tuned to my Computerworld blog (http://blogs.computerworld.com) for Part 2 of this series, in which I will discuss some of the main deployment considerations for 802.11n WLANs.  NOTE: I am attending INTEROP this week, so it probably won’t appear until sometime next week. 

My Customized Twitter Background

 

As many of you know, I have started an account on Twitter under the user name “wifijedi”.

No, I wasn’t influenced to join by Oprah, or the Ashton Kutcher vs. CNN competition.

I see it mostly as a micro-blogging tool and enjoy sending out shorter, yet more frequent updates.

Recently, my Twitter profile page got a makeover. Thanks to friend and co-worker John Merrill, I now have a customized background.

My background serves as a central repository for WiFi Jedi branded content including my blog, my Computerworld blog, my LinkedIn profile, and my lens on Squidoo.

You can check out my new background at http://www.twitter.com/wifijedi

Copycat Twitter Worm?

I originally wrote this piece as a guest post for An Information Security Place. However, I wanted to re-post at WiFiJedi.com FRIDAY 4/17 Update: Apparently the behavior described below is tied to a buggy Pidgin plugin. I haven’t been able to confirm that 100%, but thought I should deliver the latest & greatest…

—————————————————————————————–

As most of you know, Twitter was hit with a series of worms this past weekend. They were created by 17 year old, Mikey Mooney, creator of the website StalkDaily.com (don’t visit the site). The original worm seemed fairly innocuous, with messages that were created to drive traffic to the StalkDaily website.

I wrote a Computerworld blog post, where I detailed the original attack as well as provided a list of security recommendations. In that post, I commented that Twitter users should be on the lookout for modified worms, especially as additional details of the original attack come to light.

After Twitter patched the original cross site scripting (XSS) flaw, which exploited the “link” field in a user profile, another variant of the worm appeared. This time, the worm exploited the “color” setting of the user profile. Modifying the worm highlighted that the XSS vulnerability was not limited to a single field and that Twitter would have to institute a comprehensive patch, not a band-aid solution.

The variant of the worm automatically generated tweets with the term “mikeyy”. These were sarcasitic in nature and seemed to be tounge-in-cheek. Examples include:

  • Mikeyy I am done…
  • Mikeyy is done…
  • Twitter please fix this, regards Mikeyy

The general consensus today is that the “StalkDaily” and “Mikeyy” worms have been adequately addressed. However, I am not fully convinced. Four days after the original worm, I am still seeing suspicious behavior. A colleague of mine has a Twitter account that automatically started generating tweets saying “I am not here right now.”

Using a third party iPhone application, TweetStack, I am conducting periodic searches on the string “I am not here right now.” I found that this is not nearly as wide spread as the “StalkDaily” Twitter worm, but has affected at least a couple dozen accounts.

While this could be yet another variant of worm created by Mikey Mooney, my suspicion is that this is a copycat worm created by another party (most likely a Scriptkiddie).

Are YOU still seeing anomalous behavior on Twitter? I would love to hear about it! Please comment below as well as notify the Internet Storm Center if you see anything noteworthy.

Groundswell by Charlene Li and Josh Bernoff – Book Review

I would like to offer periodic book reviews on WiFiJedi.com   The plan is to review wireless networking and security books. However, I have been doing a lot of reading about blogging and social media these days. Therefore, this week I am reviewing the book “Groundswell” by Charlene Li and Josh Bernoff.  

Please let me know in the comments section if you like the idea of book reviews.  Also let me know if you would like them strictly on wireless, or if you don’t mind if they are off topic.  

I originally bought this book based on a You Tube video of the author, Charlene Li, making a presentation under the “Authors @Google” program. I guess the Groundswell sold one more copy of her book…

In many ways, this book reminded me of Jim Collin’s “Good to Great” book. “Groundswell” is very quantitative in nature. There are a TON of in-depth case studies – the book even contains a case index in addition to a subject index.

The book is well structured. It is broken into three main parts and has a logical idea flow of listening, talking, energizing, supporting, and embracing the groundswell. While I liked the structure, it took more time to read than most books due to its academic nature. 

Overall, the authors take a practical, high-level approach to social media. They focus on the people, objectives, and strategy BEFORE they focus on any given technology.

This should definitely be a cornerstone text in any library on Social Media!

Twitter Worm Blog Post on Computerworld

computerworldI have started blogging for Computerworld.  I am serving up content for their Mobile & Wireless space.  

I wrote a post over the  weekend detailing two variants of a Twitter worm – one advertising StalkDaily.com (don’t visit the site) and another highlighting the 17 year old behind the website who goes by the name of “mikeyy”.  

My post details how the worm spreads, as well as provides specific security recommendations.  You can read the post in its entirety at: 

http://blogs.computerworld.com/twitter_worm_still_on_the_loose

I am also excited because I have my first Computerworld comment.  I really enjoy the community aspect of blogging, so feel free to leave comments here at WiFiJedi.com or at Computerworld anytime !

Stephen Northcutt Interview

I am very excited to announce that I was recently invited to blog for Computerworld!  My blog is titled “Cautiously Cutting the Cord”.  In my first post, I spoke with Stephen Northcutt (CEO of the SANS Institute). We spoke about wireless networking & security, social media, and other topics.  While I posted the wireless portion of the interview at Computerworld, the rest of the interview follows:


DH: Another topic that I know we are both interested in is Social Media. I want to know your thoughts on where social media is headed, what the security risks are, and how you plan to either use or not use social media to expand and protect your brand with SANS.

SN: My first observation with regards to social media is that we may go through some transitions, but on the longer haul it’s going to definitely be a change in the way we think, the way we work, and the way we process information. Just this morning, I was watching a video of some research that they’ve done where you wear a camera and projector around your neck and when you run into information, the system helps you process it in context. So if you run into another person, the system might display word tags about the other person on their chest to help guide your conversation. Another example of that system is if you’re going to the airport you might just hold your ticket in front of the camera and it will begin to give you information about your flight status and gate and that sort of thing. So these things have very bona fide, obvious uses.  


DH: What about the security risks of social media?

SN: Well, the biggest security risk for social media is the OPSEC (operational security) kind of stuff.  We are going to be giving out more information about ourselves than ever before.  Bad people will use that to craft attacks against us pretending to be someone else or pretending to give us some sort of opportunity. But we will get through this – we will be wise.  Speaking only for myself, I’m not terribly worried about someone being able to fool me by the information that’s out on social media in the same way that I can look at in an inbox, and if the subject line is fishy, I can usually tell without opening the message. I see the subject line and I know that it’s not for me.


DH: Do you think that social media and its threat will legitimize the need for more security awareness training?

SN: I certainly hope so.  One of the experiments that we are trying on Twitter with SANS is to tweet a security tip of the day, every single day.  If we are fortunate enough that this works and people follow us, then more and more people will be exposed to these tips.  Furthermore, if security people encourage others to follow us, then we are reaching the right audience, which is a really cool thing.  The investment is so low. With 140 characters, how much time does it take to read? I guess 4 or 5 seconds.  You can read a tweet in almost no time. 


DH: How do you see social media as an opportunity to expand your brand?  How do you see social media as a potential threat to your intellectual property or your brand?

SN: Well I don’t see social media as a threat to our intellectual property. We sort of have a fixed problem of people trying to steal our intellectual property, with a fixed solution (the legal system) and I don’t think social media changes that. In terms of a threat to our brand, obviously if anyone that we would view as a competitor does a better job of using social media –  get more followers or get more press – then obviously that could take some shine off our brand. On the positive side of things, with LinkedIn, I’m approaching 600 connections at this point and they’re all business. Wherever those people go, they remain linked to me unless they choose not to. I’m not linked to Stephen Northcutt, I’m linked to SANS Institute so I’m building connections for the business.  There’s a guy who has already written an application already that ties Twitter to Salesforce and so there is some serious opportunities to leverage the technology if we can believe in it.  My one concern is that if too many people from SANS go chasing  too much social media it will dilute the brand message and also churn up some time that could’ve been spent doing other things. So while I do get on Twitter, I am a bad Twitterer. I’m on there once every three or four days because I know there is a SANS Institute account and I know they’re going to do something every day, and I don’t feel the pressure.


DH: The Internet Storm Center also has a Twitter account that they update a few times a day with different threats as well. 

SN: That’s great! I didn’t even know that – I try to follow them.


DH: That’s really all I wanted to cover but I figured you are gracious enough to talk to me about two things I am passionate about, was there anything you wanted to communicate, either about your organization or something that you think needs more coverage?

SN: I think that we have two exciting opportunities right now as a community. Neither one of these are SANS specific and I want to be VERY clear about that. The NSA blue team has wanted to put their methodology into the hands of the public for some time (maybe not all the secret sauce you understand) but to try to begin to turn around the absolute devastation that American corporations and US government are facing under the persistent technical threat of other countries infiltrating our information for their purposes. The project is called the Consensus Audit Guidelines.  SANS does host them, there found at http://www.sans.org/cag but they’re not ours and we’re not claiming they are ours.  We’re not the sole arbiters of them.  The person in charge of the project is the former CIO of the Air Force, John Gilmore -somebody who is definitely his own man. We’re just excited that we get to participate and make suggestions.  I would love to see more attention to the CAG, more of the community contributing to the CAG effort of people trying to implement some of the controls in their organization and then reaching back into the community with their experiences.  I think this is potentially one of the most important things we are doing.

SN: The other is that the government is about to announce a scholarship program for younger people that show talent in science and technology area, who have an interest in information security. Apparently something along those lines has been happening in China, and is a big part of how the Chinese developed their ability to extract information from both the US and other part of the world assets.  They found a few good hackers who were willing to train others and so forth.  We’re less interested in the United States in hacking, but we certainly do need to be interested in configuring well, and so I’m hoping this program is a success. You know, the government starts many, many, many programs (and not all of them succeed), but I hope this one succeeds. I hope that SANS can have some part in that success.  Additionally, I hope that anyone who ever hears this recording or reads the transcript will be interested in doing what they can to mentor some promising young person.  For one thing, some of these folks who have an interest in security are going to end up in organized crime or hacking, and so trying to give them an chance to do something exciting and challenging as well as being part of the community is too important of an opportunity to pass up.

 

Advertisements