Archive for the ‘Social Media’ Category
Deciding on a company name can backfire
September 19th, 2011So over the weekend, Netflix decided to split their business into 2 separate companies – the Netflix we know and love which will be responsible for streaming video (to your DVD player, computer, smartphone, etc) and a new company called Qwikster which is responsible for the physical DVD shipments (which is actually the original Netflix business model). The problem is, they didn’t secure all of the relevant domains and social media accounts to go with their new name. On Twitter, there’s been a user called qwikster which does not represent Netflix and will see a significant jump in his mentions and follower count simply because of the confusion.
So what do you do as the company? Just get over it? Try to buy the name (which violates Twitter’s terms of service) ? Or something else? With a marketing group and M&A team as large as Netflix, was this an oversight or just one of those things that people didn’t think was important?
As a business owner or marketer, what would you do?
Google Users Fall Victim to Man-in-the-Middle Attack
August 30th, 2011Originally posted at Barracuda Labs Security Blog
Yesterday reports began to
trickle in that Google users in Iran were victim to a man-in-the-middle attack
through the use of an illegitimate SSL certificate issued for “*.google.com”.
This is the latest in a series of events involving a hacked Certificate
Authority, but this time there was clear evidence that the fake certificate was
being actively used. Details of the attack and consequences are being
written about extensively elsewhere, so we will give a brief overview and link
to those directly involved and others with particularly insightful analysis.
The certificate being used
was issued by a Dutch certificate authority, DigiNotar. The consequence is that
this CA has essentially been given the “death penalty”. Microsoft, Mozilla and
Google have removed the DigiNotar root certificate from their chain of trust
and certificates signed by them will have no more trust than one you generate
yourself. It is good to see that those who have the strongest position
when choosing which certificate authorities to trust are doing the right thing
here, with a technology that so many people rely on for security, privacy and
economic reason a “one strike and you’re out” system is appropriate. With
each attack similar to this one, we see that the current system of Certificate
Authorities is quite open to abuse with the combination of centralized and
opaque trust. Compromises of that trust can have severe
consequences. The system is clearly broken, and while some are working on
replacement solutions, it is what we have to use in the mean time.
Users are advised to remove
the DigiNotar root certificate.
Firefox:
http://support.mozilla.com/en-US/kb/deleting-diginotar-ca-cert
Chrome:
http://googlechrometutorial.com/google-chrome-advanced-settings/Google-chrome-ssl-settings.html
IE:
Some newer versions of Windows seem to be automatically checking a CRL and
therefore are able to provide protection without a software update: “All
supported editions of Windows Vista, Windows 7, Windows Server 2008, and
Windows Server 2008 R2 use the Microsoft Certificate Trust List to validate the
trust of a certificate authority. There is no action required for users of
these operating systems because Microsoft has removed the DigiNotar root
certificate from the Microsoft Certificate Trust List.”
However older versions of
Windows do not provide automatic protection:” Microsoft will release a future
update to address this issue for all supported editions of Windows XP and
Windows Server 2003.”
http://www.microsoft.com/technet/security/advisory/2607712.mspx
The DigiNotar root will be
being removed from relevant Barracuda Networks products.
Further reading:
Google Online Security
Blog: An
Update on Attemped Man-in-the-Middle Attacks
DigiNotar Response: Diginotar
Reports Security Incident
When a country shuts down the internet, is your company at risk?
February 20th, 2011With the proliferation of short urls for use in twitter, facebook, foursquare and others, many companies are purchasing domains not in the usual .com and .net but instead using formerly country specific domains like .co, .ly, .in and lots of others. Over the past few weeks, we have all seen the unrest in Egypt, Libya and other countries which has caused some of them to shut down internet access. So where does this leave the companies who own domains controlled by these countries?
Without getting into the technical details of the internet – the short answer is: it depends. Every top level domain (TLD) name (.com, .net, .ly, .it, etc) are controlled by a specific country (.com is controlled by the US). If the main registry for the TLD goes down and the backup copies go down, then all of the domains for that TLD will be inaccessible. Some countries have started using out of country backup providers but many of the smaller ones simply haven’t gotten there yet. Last week, Libya shut down their Internet for about 16 hours, fortunately for companies like bit.ly, their domains were still cached outside of Libya and were usable until the connection was restored on Friday only to be shutdown again on Saturday.
A number of companies (posterious is one) are starting to shift over to new shortcut urls, but what a shift and disruption in their business this is causing, not to mention the engineering expense to plus the loss of brand collateral.
So what would your business do in this situation? What’s your backup plan if you own one of these domains? Currently we own ajci.co but we’re not using it for anything critical (we use it as a short url for posts instead of bit.ly links). Other domains we own with country specific TLDs we are using but only as a secondary option. If something were to happen with the internet here in the US, we do have a backup plan in place to use an alternate domain name and an alternate hosting provider. Just like every area of your business your internet presence deserves a disaster plan.
What is your business doing to ensure a single event can’t shut down your business or an outside entity can’t jepoardize how you communicate with customers? I’d love to hear your thoughts.
Blogging Every Week for 2011 #postaweek2011
January 1st, 2011I’ve decided I want to blog more. Rather than just thinking about doing it, I’m starting right now. I will be posting on this blog once a week for all of 2011.
I know it won’t be easy, but it might be fun, inspiring, awesome and wonderful. Therefore I’m promising to make use of The DailyPost, and the community of other bloggers with similar goals, to help me along the way, including asking for help when I need it and encouraging others when I can.
If you already read my blog, I hope you’ll encourage me with comments and likes, and good will along the way.
Signed,
Joe Vivona
Today’s the Day — Tech and Legal Join Forces
November 19th, 2010Drumroll, please…LawPivot is here! The Q&A site meets Social Network concept is a self-described startup “Quora for legal” that allows technology companies to confidentially ask legal questions to expert attorneys. The founders are attorneys with technical experience. Jay Mandal, CEO, was a lead mergers and acquisitions attorney at Apple and co-founder Nitin Gupta was an intellectual property litigation lawyer.
For now the site is free for both companies and attorneys. It’s a great resource for startups, especially those who have not yet established a relationship with an attorney. Questions are completely confidential. Each question posed will receive confidential answers by various attorneys who cannot view each others answers.
If you are any type of attorney, I suggest you check out the site and see if it’s for you. I imagine a lot of start ups will. Visit http://www.LawPivot.com for details.
^ Julie Settle, A&J Computers Inc.
