Wednesday, April 30, 2014

Anonymous Login From Facebook



As I am watching the F8 Conference, Mark Zuckerberg announces a new anonymous login from Facebook.

This will give folks the ability to try new apps without having to identify themselves. 
The ability to log into Facebook anonymously will be extremely popular in my opinion.





Facebook F8 Conference Kickoff At 10:00AM PST

The live feed is at

https://f8.facebooklive.com/

I expect to hear the word Mobile 5483728 times while watching this.

Facebook's growth with mobile has been huge in the last 2 years. Expect this to be their target.


Twitter Struggling



Nicole Perlroth writes that Twitter is struggling to convince Wall Street that it is still a company with plenty of potential to grow.

In its second earnings announcement as a public company, Twitter said on Tuesday that it had more than doubled revenues, beating its own forecasts and the expectations of investment analysts. But the social network’s stock fell more than 11 percent in after-hours trading because the number of people who joined it did not increase as fast as many had hoped.

Wall Street, it appears, is more worried about Twitter’s ability to add users and keep them engaged than about its ability to increase revenues.

In the last two quarters, that has been a problem. Twitter said it had 255 million monthly users globally in March, up 5 percent from 241 million at the end of December, which ended a quarter in which monthly active users rose less than 4 percent.

“They need to prove that they can be a very large-sized platform,” said Arvind Bhatia, an analyst with Sterne Agee, an investment firm. “Can they get to 500, 600 million users worldwide? That’s what they have yet to prove.”

Twitter’s share price has dropped by nearly a third since its earnings announcement last quarter.


And engagement, a measure of user activity on the site, looked lackluster. On average, users refreshed their Twitter feeds 614 times a month during the recent quarter, up only slightly from 613 times a month in the fourth quarter. Twitter users, especially those overseas, were refreshing their feeds less frequently than they were in the year-ago quarter.

But most disconcerting for shareholders is that Twitter made $1.44 in advertising revenue for every 1,000 timeline views, down from $1.49 in its previous quarter. That may be the best marker of Twitter’s ability to make money from its platform, and in the first quarter it was trending down. In a call with analysts, Twitter’s executives attributed some of that to seasonality because the fourth quarter tends to be the most profitable.

Twitter’s revenue in the first quarter, which ended March 31, was up 119 percent to $250 million from $114 million in the first quarter of 2013. Wall Street had expected Twitter to report revenue of $241 million, according to consensus estimates from Thomson Reuters, while Twitter had forecast slightly lower first-quarter revenues in the range of $230 million to $240 million.

Twitter posted a net loss of $132 million, compared with a loss of $27 million a year ago. Adjusted earnings, however — which exclude stock-based compensation and other expenses — were $183,000, or about break-even per share, compared with a $10.5 million loss a year ago.

In an interview, Dick Costolo, Twitter’s chief executive, tried to reassure skeptics.

“We’re focused on driving up the value of each timeline,” Mr. Costolo said, using a term to refer to users’ Twitter feeds. He noted that “favorites” and “retweets” — two actions users take on Twitter’s site which require an extra click — were up 26 percent in the first quarter and said new users were as engaged as older ones, an indication that the site is not as confusing to newbies as critics contend.

Tuesday, April 29, 2014

Facebook Is Dominating Social Logins

Frederic Lardinois from Techcrunch states that social logins are a convenient way to sign in to services without having to go through lengthy sign-up procedures and setting up yet another password. According to the latest data from social login service Gigya, Facebook remains the absolute market leader here and now powers more than 51 percent of all social logins in North America. Google+ is the second most popular service, but at 31 percent in North America, it remains far behind Facebook.

The third most popular service in North America is Yahoo with 15 percent, but it’s actually losing share in every vertical tracked by the service while Facebook is dominant across platforms and verticals.

Twitter, it’s worth noting, is a very minor player in the social login world. Both on the desktop and on mobile, it accounts for about 4 percent of social logins through Gigya’s services.

The one area where Google has made significant inroads is media, where it powers 32 percent of logins, but even there, Facebook gained 2 percent compared to Q4 2013.

On Mobile, Facebook’s lead is even more pronounced. There, it powers 62 percent of logins, followed by Google+ with 26 percent and Twitter with 6 percent. Yahoo is a distant fourth at 4 percent.

Overall, the North American market mirrors Gigya’s worldwide stats, where in aggregate, Facebook leads with 53 percent, followed by Google at 28 percent and Yahoo at 13 percent.

Outside of North America, Facebook’s lead is even more pronounced. In Europe, it powers 59 percent of social logins, while Google is at 19 percent and Russia’s VK powers 9 percent. In South America, Facebook now leads with an 80 percent market share compared to Google+’s 13 percent. The numbers in other regions are similar, with the exception of the Asia-Pacific market, where Google is far behind numerous local services, including QQ and Sina.



Some Google Plus Users Can Now Use +Post Ads



At the end of last year, Google started testing the concept of +Post ads. The ads enable those with an account to turn any of their Google Plus content into an interactive ad, and have it run across the Google Display Ad network. Now Google has moved +Post ads out of their limited testing phase. The ads are now available to any Google Plus member with more than 1,000 followers.

+Post ads can be used to get other users engaging. People can comment on your ad, share the ad with a friend, or join a live Hangout On Air. Brands can also reply to any comments, giving them a one-on-one engagement with their customers. Another advantage with these types of ads is that once your ad campaign is over, the posts will remain in our archive (and become searchable on Google Search). So you can continue advertising your product.

With the Hangout option, the advertiser can show their products live. Google Plus users logging on can watch the Hangout and perhaps talk directly to the company representative and ask questions. Once the Hangout is finished, people who missed it will be able to watch a recording of it.

As Wordstream reminds us, social media advertising is going to be “the next big thing.” As we’ve seen, Facebook is ramping up the pressure on companies to buy Facebook advertising if they want their Page content to be seen. The company is also making its ads bigger. So Google has probably decided to go after a bigger chunk of this advertising revenue pie, too. There is certainly a lot of positive buzz about it.

Besides the 1,000 plus follower requirement, other criteria to be met are that your +post ads must contain content that’s relevant to your Google Plus audience. You must also have opted in to shared endorsements for Google Plus pages.

Monday, April 28, 2014

Facebook Business Manager Update

Facebook has updated their business manager. 

Here is the press release.

Today we’re expanding the availability of Business Manager, a tool that lets large advertisers manage all of their ad accounts, Pages, apps and permissions in one place — business.facebook.com.

Easier access
Business Manager integrates all your Facebook advertising campaign management efforts into one tool. It’s designed to simplify your marketing efforts.
If you’re advertising for yourself — say, you’re on the in-house marketing team for a national brand — Business Manager shows you:
1. The Pages, ad accounts and apps linked to your brand

2. The people on your team who can access these assets to do their job

3. External partners, like agencies or Preferred Marketing Developers (PMDs), with access to your Pages, ad accounts and apps

If you’re advertising for someone else — for instance, you work at an agency or PMD — Business Manager shows all the Pages, ad accounts and apps that your clients have allowed you to access, as well as the people on your teams who have access to them.

Increased control
Through Business Manager, you can control all aspects of your business on Facebook. You can add or delete ad accounts linked to your company.

And you can grant/revoke permission to employees and external partners for your ad accounts, apps and Pages.

Easier workflows
Business Manager is built to help advertisers work better and faster. With one click, admins can add new people to ad accounts and Pages, greatly reducing the time it takes to set up and manage marketing efforts. For employees and external partners, Business Manager makes it easy to find the things they’re working on.

Business Manager also makes it easier for people to keep their personal and business experiences on Facebook separate. People can use their Facebook login to access all the ad accounts and Pages they work on, without having to be friends with other people from work to gain access.

Friday, April 25, 2014

Facebook Launches Newswire



Today, Facebook launched FB Newswire, a resource that will make it easier for journalists and newsrooms to find, share and embed newsworthy content from Facebook in the media they produce. Here is the press release.

Powered by Storyful, the leader in social content discovery and verification for newsrooms, FB Newswire aggregates newsworthy content shared publicly on Facebook by individuals and organizations across the world for journalists to use in their reporting. This will include original photos, videos and status updates posted by people on the front lines of major events like protests, elections and sporting events. FB Newswire is accessible on Facebook at Facebook.com/FBNewswire and on Twitter at @FBNewswire, and will be updated in real-time with content related to top news stories.







In Storyful, we’re excited to have found a partner with a track record of understanding both the potential of the social web as a key resource for media as well as the tools that newsrooms need to utilize it. We’re confident that their news expertise and best-in-class editorial team will help make it even easier for journalists to use compelling social content from Facebook in their newsgathering and reporting.

News is finding a bigger audience on Facebook than ever before. Journalists and media organizations have become an integral part of Facebook, which is visible in features like Trending Topics, improvements to Pages, and recent changes to News Feed. Publishers are seeing the results of our commitment, with referral traffic from Facebook to media sites growing more than 4x in 2013, and we’re excited to deepen our relationship with media organizations and journalists in the days to come.

Pinterest Gaining Momentum



CEO Ben Silbermann announced that users had contributed more than 30 billion Pins since the service was founded, a number that has grown by nearly 50 percent in the past six months alone. Users have also created more than 750 million boards in that time.

That growth has stemmed, in part, from the introduction of Related Pins, something the company released about a year ago. Nowadays more than 90 percent of Pins have Related Pins connected to them, and the number of people who repin Related Pins has grown by 20 percent.

Silbermann compared Pinterest to curation that already exists elsewhere in the world. Specifically, how collections on Pinterest are like curated art in museums, articles and photos in magazines, and collections of clothing at a retail location.

As Pinterest has grown up, it’s sought to provide a lot more information about the things its users are Pinning. For food, it introduced the ability to add full recipes. And just a few months ago, Pinterest released Place Pins.

“Boards themselves aren’t just containing images, they’re containing objects,” Silbermann said. “When you see a movie on Pinterest, it’s likely to have the actor and the director.”

In March, Pinterest said that 75% of its traffic was coming from its native mobile apps. And previously it announced that mobile traffic grew 50% in 2013. eMarketer now pegs Pinterest at 40 million monthly users in the U.S., an audience big enough to drive serious ad revenue, and that doesn’t seem to include mobile.

Thursday, April 24, 2014

Google Ramping Up For Advertising Dollars



Mark Bergen says Google on Tuesday plans to introduce its latest updates to AdWords, its core search product, and allow app developers to buy ads promoting installed apps in paid mobile search and YouTube. In 2011, Google introduced app-install ads in mobile search. Consumers have been able to open pages within apps via organic search results on mobile since November, but now the company is offering the capability to paid search advertisers.

The news comes a week after Twitter started selling app install ads, following Facebook's lead. Yahoo is floating the idea as well.

YouTube's app install ads will run with TrueView, the in-stream service that allows users to skip through videos, the company said. It was added to mobile in August of 2012.

While TrueView videos are priced on the high end, brand advertisers are generally fans of the offering, which charges advertisers only when viewers opt to watch the ad. Mobile videos are more time-intensive and expensive to create than display ads, but the quantity of video ads on mobile is expected to expand dramatically. According to eMarketer, around $660 million in digital video spending went to mobile in 2013, about 16% of the total. In 2018, 44% of digital video spending is set to go to mobile, with $5.4 billion in spending.

YouTube's slice of Google's ad dollars is growing rapidly, too. In 2013, YouTube brought in nearly $2 billion in net revenue, accounting for 5.6% of Google's overall net ad revenue, according to eMarketer. By the end of this year, eMarketer predicts YouTube will represent 7.2% of its parent company's ad intake.

"It's clear in mobile, the future for Google is with YouTube, not search," said Simon Khalaf, president and CEO of mobile analytics firm Flurry.

Mobile video advertisers end up paying roughly $2.50 per install and $5 per user engaged with the app after a week, according to Mr. Khalaf. Display ads can be cheaper, but rarely see such solid returns for engagement, he said.

In addition to the YouTube units, Google is introducing the ability to link directly within an app on search for AdWords. If a user has a particular restaurant's app installed, for example, the restaurant can buy mobile search ads with Google that bring consumers to a particular page in the app.

This capability -- referred to as "deep-linking" -- was offered with organic search earlier. Under the tweaks, AdWords clients will be able to buy it as an ad unit as well.

The company has been gradually integrating its mobile network, AdMob, with its other products, including AdWords and Google Analytics, as its core search business becomes more focused on mobile apps.

"We'll enable you to reach people who are your most likely customers, based on the apps they use, the frequency of use and the types of in-app purchases they make," Jerry Dischler, VP-product management at AdWords, said about the new offerings for clients.

The adjustments to AdWords are expected to come into effect in the coming months. Google will offer additional details at its search marketing forum today.

Google+ Gaining On Facebook



Google+ is doing what Google normally does. Win.

Customer profile-management provider Janrain offered its take on social login trends for the first quarter of 2014, which differed markedly from the conclusions provided by consumer-management-suite provider Gigya earlier this week on the same topic.

Janrain found that Facebook’s share of social logins was 42 percent in the first quarter, down 3 percent from the fourth quarter of 2014, while Google Plus saw a 3 percent gain, to 38 percent, and Yahoo was up 1.5 percent.

Meanwhile, Gigya reported that Facebook was on the upswing, while Google Plus was fairly flat, and Yahoo was on the decline.

Other highlights of Janrain’s findings included:
Google Plus overtook Facebook and LinkedIn in terms of social logins on business-to-business sites, but its lead is narrow.
Facebook extended its wide lead on entertainment and gaming sites, reaching 66 percent of social logins.

Janrain said of its findings:

While its share decreased from 45 percent to 42 percent during the first quarter of 2014, Facebook maintains its long-standing lead as the most popular choice for social login. The first quarter of 2014 also saw Google continue to rise in popularity. With a 38 percent share of all social logins, Google has gradually continued to close the gap on Facebook for the past six consecutive quarters. Its popularity is at its highest level in three-and-a-half years.

What accounts for this rise in popularity? The continued emergence of Google Plus certainly plays a role. In addition, Google has made a strategic push to unify each of its services (Gmail, Google Plus, YouTube, Google Drive, Android, Google Play, to name a few) under a single Google identity. Consumers are using a single Google identity to access each of these services, which may have a positive impact on the value and equity they place in that identity. Social login preferences tend to closely reflect these consumer affinities, and as services become stickier for consumers, the identity used to access those services tends to follow suit.

Yahoo also experienced its largest single-quarter increase in preference in four years, with its share jumping 1.5 percent. As Yahoo seeks to evolve its business model and create new revenue streams to build off of its first-quarter success, its share of social logins improved 1.5 percent during the first quarter of 2014. This success may be coupled with a renewed vision toward promoting its own identity and growing consumer affinity for the company through rich media content. With Yahoo’s recent decision to remove the ability to access Yahoo services using your Facebook or Google identity, we look forward to seeing whether its share of social logins will continue to trend in a positive direction.

Readers: Why do you think the conclusions on social login trends by Janrain and Gigya differ so greatly?

Wednesday, April 23, 2014

What Would You Do?



There has been and still is a ton of talk about employers asking potential employees during an interview about their Social Media habits.

Some employers are even asking for their username and password so they can login and see what they are doing.

So let me pose this question for thought.


You're in the middle of the interview, knocking it out of the ballpark, feeling really good about how things are going, then the interviewer turns the monitor around so you can see it and says, "As you can see, this is the Facebook login page. We found your Facebook page but it is marked private, so I need your username and password so we can see what you post."


What would you do?

I have seen many humorous answers but I want everyone to consider what would you say?
I have seen great answers in my search, but the best one I've seen is this one.

Accessing my Facebook account is tantamount to asking for information such as age, marital status, sexual orientation, etc that are attached to my profile, and which you are not permitted to ask me about in an interview. Therefore, I must conclude that current law makes it illegal for you to request my login information.


I have to say that I would deny them access to my account.


Someone I knew told me one day that his company set up a new social media policy that you can't do this or can't post that. The way the company wrote the policy, it took away any freedom he had about posting on anything.

He then did something very funny. He unfriended everyone that he worked with and then sent out a company wide email.

He said I have unfriended all employees of ***** that was on my Facebook account so nobody has to see me violate the new social media policy.


Classic.















Twitter Profile Redesign Rolled Out


Twitter has rolled out the new web profile design. Here are the highlights.

Best Tweets: Tweets that have received more engagement will appear slightly larger, so your best content is easy to find.

Pinned Tweet: Pin one of your Tweets to the top of your page, so it’s easy for your followers to see what you’re all about.

Filtered Tweets: Now you can choose which timeline to view when checking out other profiles. Select from these options: Tweets, Tweets with photos/videos, or Tweets and replies.

Monday, April 21, 2014

LinkedIn Reaches 300 Million Users



LinkedIn reached a milestone this month hitting a massive 300 million users.

Here is their press release.


We are excited to announce that we reached a big milestone today: there are now more than 300 million LinkedIn members in the world! More than half of these members come from outside of the U.S., while there are 100 million members in the U.S. While this is an exciting moment, we still have a long way to go to realize our vision of creating economic opportunity for every one of the 3.3 billion people in the global workforce.

To get there, we are delivering personalized experiences built around members and their identity, network and knowledge. We believe this focus will give us the ability to better help each of our members achieve their professional goals. This strategic shift has already come to life through our content products. To give our members access to all business knowledge they need to be great at what they do, we have brought together content from millions of publishers through Pulse, Influencer posts from approximately 500 of the leading minds in business, and most recently, our millions of members, as we continue to roll out our publishing platform and expand LinkedIn Groups and SlideShare.

We know mobile is critical. Later this year, we are going to hit our mobile moment, where mobile accounts for more than 50 percent of all global traffic. Already, our members in dozens of locations including Costa Rica, Malaysia, Singapore, Sweden, United Arab Emirates and the United Kingdom, use LinkedIn more on their mobile devices than on their desktop computers. Every day we see an average of 15 million profile views, 1.45 million job views and 44,000 job applications in over 200 countries through mobile.

In anticipation of the mobile moment, two years ago, we started developing multiple LinkedIn mobile apps to fit the different needs of our diverse members. Each of these apps is customized and tailored to a member-specific use case. As we expand our mobile app portfolio, such as our new SlideShare app, we’re also focused on bringing on top-notch partnerships with companies like Apple, Nokia, Samsung and others. You’ll see more strategic pairings throughout the course of this year.

We already have a strong presence around the world and will continue to invest in building out the experiences we offer to our members in key countries. Earlier this year, we expanded our presence in China with the launch of a beta version of our new Simplified Chinese site. Our goal is to connect the more than 140 million Chinese professionals with each other and the global workforce.

Our global footprint gives us the necessary elements to build the world’s first Economic Graph. As we continue to grow, we’ll be able to keep improving this valuable map of the connections between people, companies, jobs, skills, educational institutions and professional knowledge in the global economy.

As we’ve grown the value we deliver to our members has increased, the way they use our products has changed and our membership has become more diverse. The below infographic gives you a visual picture of how our network of professionals has grown and evolved over the last five years.

Friday, April 18, 2014

Twitter Going After More Advertising Business Through Apps



Twitter Inc took a significant step Thursday towards broadening its advertising business by offering mobile ads urging people to install apps on its social network as well as through MoPub, the mobile-advertising network it acquired last year.

As the mobile app economy grows, app developers have been willing to pay increasing amounts to advertise on major sites like Facebook to boost their app downloads.

Twitter said Thursday it could reach 1 billion unique mobile devices through its MoPub network, which places ads inside of hundreds of apps. Twitter, which acquired MoPub last year for roughly $350 million, reaches a more limited audience of 240 million users through its own Twitter.com Web site and mobile apps.

Twitter said it would allow developers to target their so-called app-install ads on Twitter, based on user interests. For example, a game publisher could promote its mobile games to Twitter users who have been identified as gamers.

Facebook Inc Chief Executive Mark Zuckerberg has in the past repeatedly identified app-install ads as a significant source of revenue for the world's No. 1 social network, although Facebook has never disclosed the precise amount in its financial results.

Facebook Releases Nearby Friends

This is a cool feature from Facebook. Here is the press release:
Today we are beginning to roll out a new feature called Nearby Friends that you can choose to turn on. Nearby Friends helps you discover which friends are nearby or on the go.
If you turn on Nearby Friends, you’ll occasionally be notified when friends are nearby, so you can get in touch with them and meet up. For example, when you’re headed to the movies, Nearby Friends will let you know if friends are nearby so you can see the movie together or meet up afterward.
Nearby Friends is an optional feature. You can choose who can see if you’re nearby (for example: your friends, close friends, or a specific friends list) and you can turn it on and off at any time.
Sharing your location with Nearby Friends goes two ways — you and your friends both have to turn on Nearby Friends and choose to share with each other to see when you’re nearby. Your friends will only be able to see that you’re nearby if you share this info with them and vice versa.
Find your friends nearby and meet up
If you turn on Nearby Friends, you can also choose to share a precise location with the particular friends you choose for a set period of time, such as the next hour. When you share your precise location, the friend you choose will see exactly where you are on a map, which helps you find each other. Then you can meet up and spend time together.
See when your friends are traveling
When Nearby Friends is on, you can see when your friends are traveling if they’re also using this feature and sharing with you. You’ll be able to see the city or neighborhood they are in, including on their profile. When you see a friend visiting a place you’ve been, it’s the perfect opportunity to send a recommendation for a great restaurant. You can also make last-minute plans to meet up with a friend who happens to be in the same place you’re headed to.

Thursday, April 17, 2014

LinkedIn's New Mobile App



Kurt Wagner reports this is the first mobile app for SlideShare; it allows users to scroll through a feed of slideshows and presentations uploaded by those they follow and connect with.

The feed on the Android app is personalized, meaning users can subscribe to certain categories like tech, finance, or news and politics. To view a slideshow, a user can swipe left or right to move between slides without ever leaving the feed. Users can also save or like slideshows, then come back to them later.

Almost half of LinkedIn's traffic comes via mobile (41%), and the company expects that number to reach 50% sometime in 2014. SlideShare is contributing to this figure; the company says that mobile views on SlideShare increased 223% last year.

The SlideShare app is LinkedIn's fifth app, and operates along the lines of LinkedIn's news reader app, Pulse, which also surfaces content based on categories and publications that users subscribe to. On SlideShare, selecting categories to follow is the first thing users do when opening the app.






SlideShare released its first app on Wednesday, which allows users to view slideshows and presentations on their phones.


Mashable reported that a new app was in the works from LinkedIn last week, but executives at the company were not specific on details. LinkedIn has adopted a "multi-app strategy," similar to Facebook's; the company plans to release a suite of standalone applications in hopes of capturing the attention of users who are rapidly moving to mobile.


LinkedIn's strategy around standalone apps focuses on one word: simplicity. The company tries to take its popular, existing services and build them out into mobile experiences, explained Parker Barrile, LinkedIn's VP of product for LinkedIn Talent Solutions, last week.


“Mobile apps work best when they are very focused on one specific use case or value proposition," Barrile added. "So whenever we see a use case among our members that we believe is meaningful enough or broadly based enough to merit its own app, we’ll build that app.”

For now, SlideShare is only available on Android, which you can download here. iOS users can sign up to be a beta tester for an iOS app, which is also in the works. Along with the app, SlideShare updated its mobile web version, allowing users to swipe between presentation slides. SlideShare users can also view how their presentation looks on mobile before they upload it.

LinkedIn is creeping toward the moment when half its users visit via mobile, and standalone apps like SlideShare are expected to help carry them there.

Facebook Upcoming Changes



Due May 13th, 2014 at 10am PDT

When we announced the migration from Credits to local currency payments last June, we also introduced Realtime Updates for payments and disputes to provide asynchronous payment updates and notifications of disputed payments.

Starting May 13th, 2014, developers that accept payments will be required to subscribe to and honor Realtime Updates to ensure order fulfilment and appropriate handling of disputes from all payers. If you do not subscribe to and honor these updates, Facebook reserves the right, under our Developer Payment Terms (/policy/payments_terms), to withhold payouts and/or stop your app from accepting payments.

As part of this change, developers must also take action on each dispute that is raised by a user in your app. This can either be a refund, or by calling the new Graph API for disputes, to notify Facebook of the dispute outcome. After May 13th, 2014, Facebook will start auto-refunding disputes which are not handled by the developer in a timely manner.

Read about Realtime Updates for payments and how to subscribe

Read about how to resolve disputed payments for your app

Once you have updated your app, you should enable the migration setting for Realtime Updates on your app settings on "https://apps.facebook.com/apps/[APP_ID]/settings/migrations/".

Wednesday, April 16, 2014

Google Glass Sold Out Of White Model



Tuesday, for the first time, Google Glass was made available to the general public, CNN reports. As part of the one-day-only offering, anyone in the U.S. could buy the $1,500 face-mounted computers and get a free pair of glass or sunglass frames.

Google isn't sharing any sales numbers for the day, so it's difficult to divine how successful its first open-sales event has been. There were no reports of the Google Glass sales site crashing or customers being turned away.

Google did say it had sold out of the white, or "cotton" color of Glass. As of Tuesday afternoon there were still red, blue, gray and black options available.

"Wow, what a morning! We're happy to see so many new faces (and frames) in the Explorer Program," Google posted Tuesday to a Google+ page, announcing the unavailability of the Cotton model. The Explorer Program refers to early testers of the Glass connected eyewear, which is expected to become widely available by the end of the year.

Early on Wednesday Google posted an update saying, "All spots in the Explorer Program have been claimed for now, but if you missed it this time, don't worry. We'll be trying new ways to expand the Explorer program in the future."

The $1,500 headset was only available online, so there were no lines of buyers outside Google buildings. There also didn't appear to be any organized protests of the sale, despite isolated assaults against Glass wearers in this city amid recent tensions between longtime residents and a recent influx of tech-industry staffers.

Limited rollouts are a good way for Google to test the demand for its much hyped wearable product. Previously, the only people who could get Glass were developers or people who applied for the device through Google contests. (The Silicon Valley-based company is no stranger to creating hype for a new product. When it first rolled out Gmail 10 years ago, the service was invite only, making it seem exclusive.)

Tuesday, April 15, 2014

Twitter Acquires Gnip



Twitter has acquired Gnip, the social data provider that has long provided access to public Twitter data, and that has deepened its relationship with the social network over the years through a series of product and partnership announcements. The acquisition will lead to Twitter offering even more of its data to Gnip’s customer base, and existing customer relationships with Gnip will continue unchanged.

Gnip offers access to historical Twitter data, and the full Twitter data firehose, but it also offers APIs that provide data from other social networks including Reddit, Instagram, Tumblr, Bitly and more. Gnip says that working with Twitter as a part of the company will let it “go much faster and much deeper,” and they plan to expand support to include a wider set of potential use cases in different industries.

Twitter bringing Gnip in-house makes sense because it means it has more direct control over the monetization of its own content. Gnip sells access to its bulk data to other companies, and now Twitter will be able to do the same without use of a middle man. It also means Twitter now has more alternatives to advertising in terms of revenue generators – the company can more easily sell data direct to brands about the conversations already taking place on its network than convince them to pay for ad space to try to kickstart those conversations. This is potentially bad news for other companies working in the same space as Gnip, including DataSift.

For now, it looks like Gnip will continue to operate under its own branding, and the office and team will definitely remain in Boulder, CO, where they’re currently located. As to its relationship with other network providers regarding their public data, Twitter states in the blog announcing the news that it plans to honor current customer contracts, but of course it’s always possible that those providers won’t feel comfortable offering up their firehoses to what now amounts to a competitor.

Facebook The Next Paypal?



Several months ago I wrote a blog about Facebook becoming the next Paypal.

It would seem that they are on the right track with reports that they are planning to facilitate financial services in the form of electronic money and remittance.

The report cites sources as saying that Facebook is weeks away from getting regulatory approval in Ireland for a service that lets users store money on Facebook and use it to pay others — what’s known as “e-money”.

This means that Facebook will be able to issue units of stored monetary value that represent a claim against the company, and the e-money can be used throughout Europe in a process known as “passporting”.

Facebook is also said to have had talks with at least three London startups offering international money transfer services online and via mobile: TransferWise, Moni Technologies and Azimo.

E-money and remittances would help Facebook be more relevant in emerging markets and build up its momentum to push into these markets. Last week, for example, Facebook passed 100 million users in India. Already, Chinese Internet giants including Alibaba and Tencent have rolled out mobile payment initiatives as they seek to tap on e-commerce by replacing traditional payment methods to ease the friction of paying without bank-issued credit cards.

Google Glass One Day Only Sale



$1,500. That's all you need to buy a set of Google Glass.

Today only (April 15), Google is selling a limited amount of their Google Glass, a wearable computer that you can attach to your glasses to keep up with social media, email, weather and news.

Up until now, Google Glass has only been available to those who participated in the Explorer program, a beta program that allowed users to own it while Google manipulated it via experiments and updates.

Glass also comes equipped with Google apps like Gmail, Google Maps, Google Plus and Google Now.

Monday, April 14, 2014

Facebook Cleaning Up News Feed Spam



Facebook is making an effort to clean up the news feed.
This is the press release from them.

The goal of News Feed is to deliver the right content to the right people at the right time so they don’t miss the stories that are important and relevant to them.

Today we are announcing a series of improvements to News Feed to reduce stories that people frequently tell us are spammy and that they don’t want to see. Many of these stories are published by Pages that deliberately try and game News Feed to get more distribution than they normally would. Our update targets three broad categories of this type of feed spam behavior.

Like-baiting

“Like-baiting” is when a post explicitly asks News Feed readers to like, comment or share the post in order to get additional distribution beyond what the post would normally receive.

People often respond to posts asking them to take an action, and this means that these posts get shown to more people, and get shown higher up in News Feed. However, when we survey people and ask them to rate the quality of these stories, they report that like-baiting stories are, on average, 15% less relevant than other stories with a comparable number of likes, comments and shares. Over time, these stories lead to a less enjoyable experience of Facebook since they drown out content from friends and Pages that people really care about.

The improvement we are making today better detects these stories and helps ensure that they are not shown more prominently in News Feed than more relevant stories from friends and other Pages. This update will not impact Pages that are genuinely trying to encourage discussion among their fans, and focuses initially on Pages that frequently post explicitly asking for Likes, Comments and Shares.



Frequently Circulated Content

People and Pages on Facebook frequently reshare great content, but people tell us there are occasionally instances where photos or videos are uploaded to Facebook over and over again. We’ve found that people tend to find these instances of repeated content less relevant, and are more likely to complain about the Pages that frequently post them. We are improving News Feed to de-emphasize these Pages, and our early testing shows that this change causes people to hide 10% fewer stories from Pages overall.

Spammy Links

Some stories in News Feed use inaccurate language or formatting to try and trick people into clicking through to a website that contains only ads or a combination of frequently circulated content and ads. For instance, often these stories claim to link to a photo album but instead take the viewer to a website with just ads.

By measuring how frequently people on Facebook who visit a link choose to like the original post or share that post with their friends, we’ve been able to better detect spammy links. The update we are making today improves News Feed to reduce cases of these spammy links, and in our early testing we’ve seen a 5% increase in people on Facebook clicking on links that take them off of Facebook – this is a big increase in the context of News Feed and is a good sign that people are finding the remaining content in their News Feed more relevant and trustworthy.

Will this affect my Page?

The vast majority of publishers on Facebook are not posting feed spam so they should not be negatively impacted by these changes, and, if anything, may see a very small increase in News Feed distribution.

A smaller set of publishers who are frequently and intentionally creating feed spam will see their distribution decrease over the next few months. We’re making these changes to ensure that feed spam content does not drown out the content that people really want to see on Facebook from the friends and Pages they care about.

Twitter Rolling Out Notifications



When it comes to your interactions on Twitter, it should be easy for you to stay connected to what’s relevant. Twitter now has real-time notifications on twitter.com when someone is engaging with your Tweets.



When you’re logged in on twitter.com, you will receive notifications if someone has replied, favorited or retweeted one of your Tweets. You can also receive notifications for direct messages and new followers. They’re fully interactive, so that you can reply, favorite, retweet, and follow right from the notification. This feature will be rolled out over the next couple of weeks.


To make sure you’re getting the notifications you want, go to your Settings on twitter.com. That’s where you can choose what types of notifications you want to get on twitter.com and via email and mobile. If you use a Twitter app, check out your settings there too, so you can refine the types of push notifications you receive.

Thursday, April 10, 2014

Heartbleed Effects For Months Even Years To Come



This is a scary article from Tom Simonite about the effects of Heartbleed.

Heartbleed, a security bug uncovered this week, affects an estimated two-thirds of websites and has Internet users scrambling to understand the problem and update their online passwords. But many systems vulnerable to the flaw are out of public view and are unlikely to get fixed.

OpenSSL, in which the bug, known as Heartbleed, was found, is widely used in software that connects devices in homes, offices, and industrial settings to the Internet. The Heartbleed flaw could live on for years in devices like networking hardware, home automation systems, and even critical industrial-control systems, because they are infrequently updated.


Network-connected devices often run a basic Web server to let an administrator access online control panels. In many cases, these servers are secured using OpenSSL and their software will need updating, says Philip Lieberman, president of security company Lieberman Software. However, this is unlikely to be a priority. “The manufacturers of these devices will not release patches for the vast majority of their devices, and consumers will patch an insignificant number of devices.”

Cable boxes and home Internet routers are just two of the major classes of devices likely to be affected, says Lieberman. “ISPs now have millions of these devices with this bug in them,” he says.

The same issue likely affects many companies, because plenty of enterprise-grade network hardware and industrial and business automation systems also rely on OpenSSL, and those devices are also rarely updated. Large-scale scans of Internet addresses have previously uncovered hundreds of thousands of devices, ranging from IT equipment to traffic control systems, that are improperly configured or have not been updated to patch known flaws (see “What Happened When One Man Pinged the Whole Internet”).

“Unlike servers being patched by armies of corporate IT staff, these Internet-enabled devices with vulnerable OpenSSL parts aren’t going to be getting the attention they may need,” says Jonathan Sander, strategy and research officer for STEALTHbits Technologies, which helps companies manage and track data access and leaks. “OpenSSL is like a faulty engine part that’s been used in every make and model of car, golf cart, and scooter.”

It is difficult to estimate how many devices connected to the Internet are susceptible to the Heartbleed bug, but it has been present in OpenSSL for a long time. “Anything that was compiled in a version of OpenSSL between December 2011 and the day before yesterday could be vulnerable,” says Mark Schloesser, a security researcher for the IT security company Rapid7.

Another unknown is what valuable data can be accessed by a Heartbleed attack. Schloesser says that tests so far suggest it varies widely from one system to the next. Yahoo’s servers, for example, leaked user passwords, while others were found to leak little of value.

Not everyone currently trying to figure out which systems do leak important information is a security researcher with good intentions. “There are lots of people trying to use this to do widespread exploitation,” says Schloesser. He points to activity seen in Web server logs since the problem was disclosed showing efforts to find vulnerable systems, and the appearance of scripts that can be used to test for Heartbleed vulnerabilities.

Sander points out that many single-purpose devices—for example, Internet-connected thermostats—don’t contain much valuable information. But he adds that they could spill enough for an attacker to log in and take control, and even small amounts of data could reveal, for example, whether or not someone is at home.

Pinterest Changes Coming

This is taken from Pinterest engineers as they talk about possible API changes.
As we focus on building a great user experience for the tens of millions of existing Pinners, it’s equally important to engage and retain new Pinners through the new user experience (NUX).
We recently rebuilt our new user experience and created a new framework to power it. Through the process, we determined the best content to show that would educate without overwhelming. Here you’ll learn how we arrived at a NUX that performs significantly better than the previous experience across all of our core engagement metrics.

Rethinking NUX from the ground up

We started by conducting qualitative and quantitative research to better understand new Pinners. The user experience research team interviewed a group of inactive Pinners to understand major pain points, while the data team analyzed a large sample of existing Pinners and determined the core set of actions that would increase the likelihood of retaining a new person joining the site.
After looking at the insights and iterating on dozens of versions, we gathered new learnings about retaining new Pinners:
Demonstrate a simple value proposition that clearly shows off utility. A Pin is our primary value proposition so we immediately educate the person about how Pins work, and their value.

Actualize the value proposition immediately. Searching and discovering Pins is a core feature, so immediately following the Pin step, we give education on how to find and save interesting Pins.

Educate new Pinners at their own pace. The previous Pin and Search steps are mandatory for new Pinners because we’ve found they lead to increased long term engagement. However, if the Pinner doesn’t seem to get it the first time we’ll gently re-educate them on subsequent visits. For example, if he or she still hasn’t saved a Pin on their second visit, we’ll provide reeducation, and conduct the same process for board creation, following, and other features.

Encourage immediate action. Understanding what it means to Pin early substantially increases the likelihood of retaining the new Pinner. He or she will get a simplified experience where Pinning is highlighted and other advanced features are hidden, until they save their first Pin. We call this the First Pin Experience (more on that below).

After becoming active for the first time and saving a Pin, the Pinner will graduate to a richer experience.

The need for a framework

The updated NUX is a multi-session experience that differs based on Pinner state such as what they’ve done, how long they’ve seen an experience, etc. Therefore we needed a system that could control what the Pinner experiences based on those variables. We also needed a way to easily run experiments to test different NUX steps, messaging, and educational units.

Google Announces Project Ara



Here is the statement from Google on Project Ara.

Today we’re announcing the first release of the Project Ara Module Developers Kit (MDK) v0.10. You can download the release at projectara.com/mdk/. This is a very early version but our goals are to give the developer community an opportunity to provide feedback and input, and to help us ensure that the final MDK--anticipated at the end of 2014--is elegant, flexible, and complete.

Next week, we’re hosting the first Project Ara Developers Conference at the Computer History Museum in Mountain View. We invite developers to attend in person (projectara.com/ara-developers-conference/) and provide feedback and input on the MDK. An online livestream option is also available. Registration closes tomorrow. Also, we’re kicking off the Project Ara Module Developers forum and mailing list--check it out.

Facebook A New Look For Ads Right-Hand Column

Facebook Business is rolling out a new design for ads in the coming months.

Here is the press release:

In the coming months, we’ll be rolling out a new design for ads in the right-hand column. This updated look will make right-hand column ads more visually consistent with the ads that appear in News Feed. They will use the same proportions as desktop News Feed ads, they will be larger in size, and there will be fewer of them. For advertisers, this offers a simpler way to create ads and an enhanced creative canvas on the right-hand column of Facebook.
Here’s how the new ads will look:

A better experience for people
The new look of the ads, along with their new distribution, is intended to offer a better ad experience on Facebook. In early tests we’ve seen increased engagement — up to 3X more — from people seeing the new design.
A simpler ad product
Because the updated ads mirror the overall shape of desktop News Feed ads, marketers will no longer have to choose separate images for News Feed and right-hand column placements. They can now use the same image for both.
Availability
Some advertisers will begin seeing this new option later this month, with all advertisers being rolled over later this year. During this transition phase, we will support the old and new formats.

Wednesday, April 9, 2014

The Heartbleed Bug

Here is some information on the new vulnerability in OpenSSL.

The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).

The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.


What leaks in practice?

We have tested some of our own services from attacker's perspective. We attacked ourselves from outside, without leaving a trace. Without using any privileged information or credentials we were able to steal from ourselves the secret keys used for our X.509 certificates, user names and passwords, instant messages, emails and business critical documents and communication.

How to stop the leak?

As long as the vulnerable version of OpenSSL is in use it can be abused. Fixed OpenSSL has been released and now it has to be deployed. Operating system vendors and distribution, appliance vendors, independent software vendors have to adopt the fix and notify their users. Service providers and users have to install the fix as it becomes available for the operating systems, networked appliances and software they use.

Q&A
What is the CVE-2014-0160?

CVE-2014-0160 is the official reference to this bug. CVE (Common Vulnerabilities and Exposures) is the Standard for Information Security Vulnerability Names maintained by MITRE. Due to co-incident discovery a duplicate CVE, CVE-2014-0346, which was assigned to us, should not be used, since others independently went public with the CVE-2014-0160 identifier.
Why it is called the Heartbleed Bug?

Bug is in the OpenSSL's implementation of the TLS/DTLS (transport layer security protocols) heartbeat extension (RFC6520). When it is exploited it leads to the leak of memory contents from the server to the client and from the client to the server.
What makes the Heartbleed Bug unique?

Bugs in single software or library come and go and are fixed by new versions. However this bug has left large amount of private keys and other secrets exposed to the Internet. Considering the long exposure, ease of exploitation and attacks leaving no trace this exposure should be taken seriously.
Is this a design flaw in SSL/TLS protocol specification?

No. This is implementation problem, i.e. programming mistake in popular OpenSSL library that provides cryptographic services such as SSL/TLS to the applications and services.
What is being leaked?

Encryption is used to protect secrets that may harm your privacy or security if they leak. In order to coordinate recovery from this bug we have classified the compromised secrets to four categories: 1) primary key material, 2) secondary key material and 3) protected content and 4) collateral.
What is leaked primary key material and how to recover?

These are the crown jewels, the encryption keys themselves. Leaked secret keys allow the attacker to decrypt any past and future traffic to the protected services and to impersonate the service at will. Any protection given by the encryption and the signatures in the X.509 certificates can be bypassed. Recovery from this leak requires patching the vulnerability, revocation of the compromised keys and reissuing and redistributing new keys. Even doing all this will still leave any traffic intercepted by the attacker in the past still vulnerable to decryption. All this has to be done by the owners of the services.
What is leaked secondary key material and how to recover?

These are for example the user credentials (user names and passwords) used in the vulnerable services. Recovery from this leak requires owners of the service first to restore trust to the service according to steps described above. After this users can start changing their passwords and possible encryption keys according to the instructions from the owners of the services that have been compromised. All session keys and session cookies should be invalidated and considered compromised.
What is leaked protected content and how to recover?

This is the actual content handled by the vulnerable services. It may be personal or financial details, private communication such as emails or instant messages, documents or anything seen worth protecting by encryption. Only owners of the services will be able to estimate the likelihood what has been leaked and they should notify their users accordingly. Most important thing is to restore trust to the primary and secondary key material as described above. Only this enables safe use of the compromised services in the future.
What is leaked collateral and how to recover?

Leaked collateral are other details that have been exposed to the attacker in the leaked memory content. These may contain technical details such as memory addresses and security measures such as canaries used to protect against overflow attacks. These have only contemporary value and will lose their value to the attacker when OpenSSL has been upgraded to a fixed version.
Recovery sounds laborious, is there a short cut?

After seeing what we saw by "attacking" ourselves, with ease, we decided to take this very seriously. We have gone laboriously through patching our own critical services and are in progress of dealing with possible compromise of our primary and secondary key material. All this just in case we were not first ones to discover this and this could have been exploited in the wild already.
How revocation and reissuing of certificates works in practice?

If you are a service provider you have signed your certificates with a Certificate Authority (CA). You need to check your CA how compromised keys can be revoked and new certificate reissued for the new keys. Some CAs do this for free, some may take a fee.
Am I affected by the bug?

You are likely to be affected either directly or indirectly. OpenSSL is the most popular open source cryptographic library and TLS (transport layer security) implementation used to encrypt traffic on the Internet. Your popular social site, your company's site, commerce site, hobby site, site you install software from or even sites run by your government might be using vulnerable OpenSSL. Many online services use TLS both to identify themselves to you and to protect your privacy and transactions. You might have networked appliances with logins secured by this buggy implementation of the TLS. Furthermore you might have client side software on your computer that could expose the data from your computer if you connect to compromised services.
How widespread is this?

Most notable software using OpenSSL are the open source web servers like Apache and nginx. The combined market share of just those two out of the active sites on the Internet was over 66% according to Netcraft's April 2014 Web Server Survey. Furthermore OpenSSL is used to protect for example email servers (SMTP, POP and IMAP protocols), chat servers (XMPP protocol), virtual private networks (SSL VPNs), network appliances and wide variety of client side software. Fortunately many large consumer sites are saved by their conservative choice of SSL/TLS termination equipment and software. Ironically smaller and more progressive services or those who have upgraded to latest and best encryption will be affected most. Furthermore OpenSSL is very popular in client software and somewhat popular in networked appliances which have most inertia in getting updates.
What versions of the OpenSSL are affected?

Status of different versions:
OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
OpenSSL 1.0.1g is NOT vulnerable
OpenSSL 1.0.0 branch is NOT vulnerable
OpenSSL 0.9.8 branch is NOT vulnerable

Bug was introduced to OpenSSL in December 2011 and has been out in the wild since OpenSSL release 1.0.1 on 14th of March 2012. OpenSSL 1.0.1g released on 7th of April 2014 fixes the bug.
How common are the vulnerable OpenSSL versions?

The vulnerable versions have been out there for over two years now and they have been rapidly adopted by modern operating systems. A major contributing factor has been that TLS versions 1.1 and 1.2 came available with the first vulnerable OpenSSL version (1.0.1) and security community has been pushing the TLS 1.2 due to earlier attacks against TLS (such as the BEAST).
How about operating systems?

Some operating system distributions that have shipped with potentially vulnerable OpenSSL version:
Debian Wheezy (stable), OpenSSL 1.0.1e-2+deb7u4
Ubuntu 12.04.4 LTS, OpenSSL 1.0.1-4ubuntu5.11
CentOS 6.5, OpenSSL 1.0.1e-15
Fedora 18, OpenSSL 1.0.1e-4
OpenBSD 5.3 (OpenSSL 1.0.1c 10 May 2012) and 5.4 (OpenSSL 1.0.1c 10 May 2012)
FreeBSD 10.0 - OpenSSL 1.0.1e 11 Feb 2013
NetBSD 5.0.2 (OpenSSL 1.0.1e)
OpenSUSE 12.2 (OpenSSL 1.0.1c)

Operating system distribution with versions that are not vulnerable:
Debian Squeeze (oldstable), OpenSSL 0.9.8o-4squeeze14
SUSE Linux Enterprise Server
FreeBSD 8.4 - OpenSSL 0.9.8y 5 Feb 2013
FreeBSD 9.2 - OpenSSL 0.9.8y 5 Feb 2013
FreeBSD Ports - OpenSSL 1.0.1g (At 7 Apr 21:46:40 2014 UTC)
How can OpenSSL be fixed?

Even though the actual code fix may appear trivial, OpenSSL team is the expert in fixing it properly so latest fixed version 1.0.1g or newer should be used. If this is not possible software developers can recompile OpenSSL with the handshake removed from the code by compile time option -DOPENSSL_NO_HEARTBEATS.
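A triage helper for the version list and the compile-time option above, as an added example that is not from the original FAQ or from OpenSSL: it classifies `openssl version -a` output or package version strings. The verdict labels and the constructed `compiler:` sample line are assumptions; the version boundaries are the ones listed above.

```python
import re

# Upstream version as printed by `openssl version`, e.g. "OpenSSL 1.0.1e 11 Feb 2013".
VERSION_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)")

# Branches the list above marks as NOT vulnerable.
UNAFFECTED_BRANCHES = {(0, 9, 8), (1, 0, 0)}


def triage(version_output):
    """Classify one version string; the returned labels are this example's own."""
    match = VERSION_RE.search(version_output)
    if match is None:
        return "unparsed"
    branch = tuple(int(match.group(i)) for i in (1, 2, 3))
    letter = match.group(4)

    # `openssl version -a` prints the build flags on its "compiler:" line.
    if "-DOPENSSL_NO_HEARTBEATS" in version_output:
        return "heartbeat-compiled-out"
    if branch in UNAFFECTED_BRANCHES:
        return "unaffected-branch"
    if branch == (1, 0, 1):
        # 1.0.1 (no letter) through 1.0.1f are in range; 1.0.1g or newer is fixed.
        # A distribution may backport the fix without changing the letter, so
        # "affected-range" means "confirm against the vendor's package changelog".
        return "affected-range" if letter < "g" else "fixed"
    return "not-covered-by-list"


# Version strings quoted in the lists above, plus one constructed `version -a` sample.
SAMPLES = {
    "FreeBSD 10.0": "OpenSSL 1.0.1e 11 Feb 2013",
    "Ubuntu 12.04.4 package": "OpenSSL 1.0.1-4ubuntu5.11",
    "FreeBSD 9.2": "OpenSSL 0.9.8y 5 Feb 2013",
    "FreeBSD Ports": "OpenSSL 1.0.1g",
    "rebuilt host (constructed)": "OpenSSL 1.0.1e 11 Feb 2013\n"
                                  "compiler: cc -DOPENSSL_NO_HEARTBEATS -O2",
}


def triage_inventory(samples):
    """Map each inventory entry to its verdict."""
    return {host: triage(text) for host, text in samples.items()}


if __name__ == "__main__":
    for host, verdict in triage_inventory(SAMPLES).items():
        print(f"{host:28} {verdict}")
```

The string describes only the `openssl` binary or package that reported it; a service that bundles or statically links its own copy of the library needs its own check.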
Should heartbeat be removed to aid in detection of vulnerable services?

Recovery from this bug could benefit if the new version of the OpenSSL would both fix the bug and disable heartbeat temporarily until some future version. It appears that majority if not almost all TLS implementations that respond to the heartbeat request today are vulnerable versions of OpenSSL. If only vulnerable versions of OpenSSL would continue to respond to the heartbeat for next few months then large scale coordinated response to reach owners of vulnerable services would become more feasible.
Can I detect if someone has exploited this against me?

Exploitation of this bug leaves no traces of anything abnormal happening to the logs.
Can IDS/IPS detect or block this attack?

Although the content of the heartbeat request is encrypted it has its own record type in the protocol. This should allow intrusion detection and prevention systems (IDS/IPS) to be trained to detect use of the heartbeat request. Due to encryption differentiating between legitimate use and attack can not be based on the content of the request, but the attack may be detected by comparing the size of the request against the size of the reply. This seems to imply that IDS/IPS can be programmed to detect the attack but not to block it unless heartbeat requests are blocked altogether.
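The request/reply size comparison described above, as an added example (not from the original FAQ or from any IDS product): it reads only TLS record headers, so it works on encrypted traffic. The `slack` tolerance, the `c2s`/`s2c` direction labels and the sample records are constructed assumptions.

```python
import struct

HEARTBEAT = 24                    # TLS ContentType "heartbeat" (RFC 6520)
HEADER = struct.Struct("!BHH")    # content type, protocol version, record length


def iter_records(data):
    """Yield (content_type, declared_length) for each TLS record header in data."""
    offset = 0
    while offset + HEADER.size <= len(data):
        ctype, version, length = HEADER.unpack_from(data, offset)
        if version >> 8 != 0x03:  # not SSL3/TLS-over-TCP framing: stop, do not guess
            return
        yield ctype, length
        offset += HEADER.size + length   # skip the (possibly encrypted) body


def oversized_heartbeat_replies(segments, slack=64):
    """Flag heartbeat exchanges whose reply is much larger than the request.

    segments: time-ordered (side, bytes) pairs for one connection, where side is
    "c2s" or "s2c". Record bodies may be encrypted, so requests and responses
    cannot be told apart by content: a heartbeat record from one side opens an
    exchange and heartbeat records from the other side count as its reply. A
    legitimate reply echoes the payload, so it should be about as large as the
    request; slack (an assumed tuning value) absorbs padding and MAC overhead.
    Returns a list of (request_side, request_bytes, reply_bytes).
    """
    alerts = []
    pending = None                # [request_side, request_bytes, reply_bytes]

    def close():
        if pending and pending[2] > pending[1] + slack:
            alerts.append(tuple(pending))

    for side, data in segments:
        for ctype, length in iter_records(data):
            if ctype != HEARTBEAT:
                continue
            if pending is None or side == pending[0]:
                close()           # previous exchange is complete
                pending = [side, length, 0]
            else:
                pending[2] += length   # large replies span several records
    close()
    return alerts


def record(ctype, length, version=0x0302):
    """Build a constructed sample record: real header, zero-filled body."""
    return HEADER.pack(ctype, version, length) + bytes(length)


# Constructed sample flows: handshake records (type 22) followed by heartbeats.
BENIGN = [("c2s", record(22, 200)), ("s2c", record(22, 1200)),
          ("c2s", record(HEARTBEAT, 40)), ("s2c", record(HEARTBEAT, 40))]
SUSPECT = [("c2s", record(22, 200)), ("c2s", record(HEARTBEAT, 8)),
           ("s2c", record(HEARTBEAT, 16384) * 4)]

if __name__ == "__main__":
    print("benign :", oversized_heartbeat_replies(BENIGN))
    print("suspect:", oversized_heartbeat_replies(SUSPECT))
```

Because both directions are treated the same way, the check also covers a server-to-client request answered by an oversized client reply. DTLS uses a longer record header and is not parsed here.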
Has this been abused in the wild?

We don't know. Security community should deploy TLS/DTLS honeypots that entrap attackers and to alert about exploitation attempts.
Can attacker access only 64k of the memory?

There is no total of 64 kilobytes limitation to the attack, that limit applies only to a single heartbeat. Attacker can either keep reconnecting or during an active TLS connection keep requesting arbitrary number of 64 kilobyte chunks of memory content until enough secrets are revealed.
Is this a MITM bug like Apple's goto fail bug was?

No this doesn't require a man in the middle attack (MITM). Attacker can directly contact the vulnerable service or attack any user connecting to a malicious service. However in addition to direct threat the theft of the key material allows man in the middle attackers to impersonate compromised services.
Does TLS client certificate authentication mitigate this?

No, heartbeat request can be sent and is replied to during the handshake phase of the protocol. This occurs prior to client certificate authentication.
Does OpenSSL's FIPS mode mitigate this?

No, OpenSSL Federal Information Processing Standard (FIPS) mode has no effect on the vulnerable heartbeat functionality.
Does Perfect Forward Secrecy (PFS) mitigate this?

Use of Perfect Forward Secrecy (PFS), which is unfortunately rare but powerful, should protect past communications from retrospective decryption. Please see https://twitter.com/ivanristic/status/453280081897467905 how leaked tickets may affect this.
Can heartbeat extension be disabled during the TLS handshake?

No, vulnerable heartbeat extension code is activated regardless of the results of the handshake phase negotiations. Only way to protect yourself is to upgrade to fixed version of OpenSSL or to recompile OpenSSL with the handshake removed from the code.
Who found the Heartbleed Bug?

This bug was independently discovered by a team of security engineers (Riku, Antti and Matti) at Codenomicon and Neel Mehta of Google Security, who first reported it to the OpenSSL team. Codenomicon team found heartbleed bug while improving the SafeGuard feature in Codenomicon's Defensics security testing tools and reported this bug to the NCSC-FI for vulnerability coordination and reporting to OpenSSL team.
What is the Defensics SafeGuard?

The SafeGuard feature of Codenomicon's Defensics security testing tools automatically tests the target system for weaknesses that compromise integrity, privacy or safety. SafeGuard is a systematic solution to expose failed cryptographic certificate checks, privacy leaks or authentication bypass weaknesses that have exposed Internet users to man in the middle attacks and eavesdropping. In addition to the Heartbleed bug, the new Defensics TLS SafeGuard feature can detect, for instance, the exploitable security flaw in the widely used GnuTLS open source software implementing SSL/TLS functionality and the "goto fail;" bug in Apple's TLS/SSL implementation that was patched in February 2014.
Who coordinates response to this vulnerability?

NCSC-FI took up the task of reaching out to the authors of OpenSSL, software, operating system and appliance vendors, which were potentially affected. However, this vulnerability was found and details released independently by others before this work was completed. Vendors should be notifying their users and service providers. Internet service providers should be notifying their end users where and when potential action is required.
Is there a bright side to all this?

For those service providers who are affected this is a good opportunity to upgrade security strength of the secret keys used. A lot of software gets updates which otherwise would have not been urgent. Although this is painful for the security community, we can rest assured that infrastructure of the cyber criminals and their secrets have been exposed as well.
Where to find more information?

This Q&A was published as a follow-up to the OpenSSL advisory, since this vulnerability became public on 7th of April 2014. The OpenSSL project has made a statement at https://www.openssl.org/news/secadv_20140407.txt. NCSC-FI published an advisory at https://www.cert.fi/en/reports/2014/vulnerability788210.html. Individual vendors of operating system distributions, affected owners of Internet services, software packages and appliance vendors may issue their own advisories.
References
CVE-2014-0160
NCSC-FI case# 788210
http://www.openssl.org/news/secadv_20140407.txt (published 7th of April 2014, ~17:30 UTC)
http://blog.cloudflare.com/staying-ahead-of-openssl-vulnerabilities (published 7th of April 2014, ~18:00 UTC)
http://heartbleed.com (published 7th of April 2014, ~19:00 UTC)
http://www.ubuntu.com/usn/usn-2165-1/
http://www.freshports.org/security/openssl/
https://blog.torproject.org/blog/openssl-bug-cve-2014-0160
https://rhn.redhat.com/errata/RHSA-2014-0376.html
http://lists.centos.org/pipermail/centos-announce/2014-April/020249.html
https://lists.fedoraproject.org/pipermail/announce/2014-April/003205.html
http://www.kb.cert.org/vuls/id/720951
https://www.cert.fi/en/reports/2014/vulnerability788210.html
https://www.cert.at/warnings/all/20140408.html
http://www.circl.lu/pub/tr-21/

Tuesday, April 8, 2014

LinkedIn Updates Again With A New Feature

LinkedIn is continuing their update spree. Here is the latest change to their platform.
This must be a gradual roll-out because I do not see it on mine yet.

Here is their blog on the new feature.

One of the easiest ways to boost your professional brand on LinkedIn is to find other like-minded professionals to connect and exchange ideas with in LinkedIn Groups. But with so many great conversations, up-to-date news and valuable information available, people often ask, “Where do I begin?”  Today, we’re pleased to introduce a new destination designed to help you manage your participation in and discover LinkedIn Groups more efficiently and effectively.

Your Groups

To get started, simply select “Interests” from the menu at the top of your LinkedIn Homepage, then “Groups.” This new Groups landing page makes it easier to stay up-to-date on what’s happening in groups you manage or are a member of  — making your time spent on LinkedIn and in LinkedIn Groups, more productive.
At the top of the page, you’ll see all of your current groups in one place. If the group has new activity, you’ll instantly see the number of updates, new discussions or job postings within that group when you hover over it. We’ve also made it possible to start or join a conversation in any of your groups directly from this page. New to groups?  We’ll help you get started by suggesting relevant groups you can join today.

Suggested Groups

We’ve also added a new conversation feed to give you a quick peek at conversations that took place since your last visit, making it easy for you to quickly jump in.

Groups Conversations

New Twitter Profile



Twitter is rolling out a new profile. It has larger photos, and you can customize your header and also show off your best tweets.



Here are more features in the new update.

Best Tweets: Tweets that have received more engagement will appear slightly larger, so your best content is easy to find.

Pinned Tweet: Pin one of your Tweets to the top of your page, so it’s easy for your followers to see what you’re all about.

Filtered Tweets: Now you can choose which timeline to view when checking out other profiles. Select from these options: Tweets, Tweets with photos/videos, or Tweets and replies.




The new look is for new signups and will be available to everyone in a couple of weeks.