Posts Tagged ‘twitter’

SiteMinder Experts List

Wednesday, February 10th, 2010

Over the past year we’ve seen a definite rise in the number of SiteMinder conversations on social networks. Whether it’s job opportunities, technical issues, or SiteMinder tips, the social universe is talking about the enterprise security application we’ve all come to know and love (always love, right? ;-) ).

One thing we’ve noticed that the SiteMinder community can do a better job of is helping people to understand where to look for help with their SiteMinder needs. On the Twitter side, we’ve created a list of SiteMinder professionals who frequent that network. These are folks we’ve interacted with or accounts that tend to generate interesting links related to SSO and enterprise security.

Of course, you can also sign up and participate in our SSOhelp community.

By the way, good news for those of you who are interested in Radiant Logic VDS: there’s a list for you too! Follow our list of Radiant Logic professionals.

We’ll continue to grow both lists over time, and if you feel you should be added then feel free to drop us a line @coreblox.

http://www.flickr.com/photos/fboyd/ / CC BY-SA 2.0

Why RockYou Should Have Federated Identities

Friday, December 18th, 2009

In case you haven’t seen the news, RockYou’s users have become casualties in the latest web privacy breach. TechCrunch detailed RockYou’s numerous transgressions here:

Earlier today news spread that social application site RockYou had suffered a data breach that resulted in the exposure of over 32 Million user accounts. To compound the severity of the security breach, it was found that RockYou are storing all user account data in plain text in their database, exposing all that information to attackers. RockYou have yet to inform users of the breach, and their blog is eerily silent – but the details of the security breach are going from bad to worse.

32 million users. If you thought you were having a bad day, imagine what RockYou’s leadership team is dealing with. Winning back the trust of a single user can be challenging, let alone the other 31,999,999.

RockYou has some 'splaining to do

Of course it’s easy to pile on RockYou for the many boneheaded decisions that led to this breach. Users can’t protect themselves if they don’t have the proper tools, and the act of promoting the use of simple passwords by practicing non-existent password policies is a virtual invitation to hackers. Sadly enough, even stricter policies could not have saved RockYou since they elected to store passwords in the clear. In the applications world this is the ultimate rookie mistake, and it’s difficult to imagine a company like RockYou making it.

Unfortunately the impact of RockYou’s mistakes has ripple effects for other social network partners. As TechCrunch revealed, RockYou collected user credentials for integrated sites such as Facebook and MySpace and stored them (in clear text) in their database. So if you’re one of the unfortunate RockYou users who submitted login credentials for both those networks, you have more than just your RockYou data to worry about.
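To make the "rookie mistake" concrete, here is an added example (constructed for this post, not RockYou's code) showing the plaintext-storage pattern beside a salted PBKDF2-HMAC store; the round count is an assumed value to tune for your own hardware:

```python
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

PBKDF2_ROUNDS = 200_000  # assumption: adjust to your hardware budget


def store_plaintext(db: Dict[str, str], email: str, password: str) -> None:
    """The RockYou-style mistake: the stored row *is* the credential."""
    db[email] = password


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, derived_key). A fresh random salt per user means two
    users with the same password still end up with different stored values."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, dk


def store_hashed(db: Dict[str, Tuple[bytes, bytes]], email: str, password: str) -> None:
    """Hardened form: keep only salt and derived key, never the password."""
    db[email] = hash_password(password)


def verify_hashed(db: Dict[str, Tuple[bytes, bytes]], email: str, password: str) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    rec = db.get(email)
    if rec is None:
        return False
    salt, expected = rec
    _, actual = hash_password(password, salt)
    return hmac.compare_digest(actual, expected)


def leaked_row_reveals_password(db: Dict, email: str, password: str) -> bool:
    """What a dumped table hands an attacker: True only for the plaintext store."""
    return db.get(email) == password
```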

So besides following through on their promise and not storing the data to begin with, what could RockYou have done to work around the issue of exposing login credentials from their partner networks to hackers? That’s easy: FEDERATE! Federated authentication is a protocol that allows companies to trust incoming login requests from known sources, thereby eliminating the need for storing a separate login and password. Simply stated, federation is single sign-on deployed across the internet. This means user identities are more portable, the user experience is more seamless, and the login data is more secure since it does not need to be stored in multiple locations.

Facebook Connect login option

Sounds complicated, right? But the reality is you’re probably already using forms of federation in your every day web experience. Authentication services like Facebook Connect and Twitter’s oAuth are examples of federation in action. Why expose yourself to more risk by storing credentials when you can simply piggyback on what your partner is already doing?

Of course, the value of federation isn’t limited to social networks. Large enterprises like CA are using federated security models to drive partnerships and other business relationships. Our own Todd Clayton has described a vision for a Federation Oriented Architecture where the principles of identity federation are applied to other data. There is no doubt the need for identity federation is on the rise, and we expect to see plenty of work in this area in 2010.

Unfortunately hindsight cannot save RockYou from the embarrassment over this mess. The users who choose to stay with them can only hope they’ll learn from their mistakes.

Expecting

Monday, January 12th, 2009

When my wife & I were expecting our first child back in late 2003/early 2004, we were anxious to solicit advice and useful information from friends, relatives & work colleagues. We wanted to know what it was like to be a parent, what types of clothing & baby gear to buy in order to be prepared, which shopping sites had the best deals, what’s the best way to deal with a crying newborn at 3am when you’ve been averaging 3-4 hours of sleep per night, how quickly we should introduce bottle feeding, etc. If only the I Have Kids Community had been around back then!

In many ways, building a new application for your business is similar to expecting a new baby. You debate the merits of various names, being careful to select something that’s distinguishable but won’t be the object of ridicule. You rely on advice from people you respect and admire in order to become the best possible caregiver for this new thing you’re going to bring into the world. You do everything in your power to ensure it will be healthy and have the best chance of thriving once it’s “born”. In the event this is the second or third time you’ve brought an application to market, you spend time reflecting on what’s gone right (and wrong!) in the past, hoping to avoid making the same mistakes twice. And once your application arrives on the market, chances are your sleep schedule will most definitely suffer.

The CoreBlox team is excited about a new application that we have in the early planning stages. Like expectant parents, we’ve been reaching out to some knowledgeable and influential industry folks to solicit feedback on our concept and hopefully give us some hints on ways we can best position ourselves for success. So far the response has been excellent, and I’d like to take a moment to recognize two people who have contributed valuable feedback to our efforts:

  • @LenDevanna, Director of Web Strategy, EMC Corporation. You can read Len’s candid commentary on social media and the enterprise here on his blog (I particularly enjoyed this entry on the drama surrounding EMC’s internal community platform). In exchange for some great feedback, all Len asked for in return was a t-shirt when our app becomes a hit!

  • @ScottMonty, Social Media Guru at Ford Motor Company. You can read Scott’s perspective on social media here on his blog. During the recent debate over the auto industry bailout, one might have expected someone in Scott’s position to duck the criticisms being leveled at his company. Scott did quite the opposite, standing front and center and happily engaging anyone who would dare lump Ford’s performance in with its competitors:

Both Len & Scott would have had every reason in the world to ignore my request for advice, but they took the time to respond and donate some of their valuable time. We look forward to including them on our announcement list once the new CoreBlox creation arrives!

-Chad

Enterprise Microblogging Security

Tuesday, October 14th, 2008

Last week I read an article that was co-written by one of the most knowledgeable social media experts I follow on Twitter, Aaron Strout of Mzinga, and Joe Cascio of JoeCascio.net. The article is titled Is the Enterprise Ready for Microblogging Tools Like Twitter?. It was full of useful information that any organization would want to consider before using a tool like Yammer or Present.ly, but the pieces that caught my eye were listed under the Key Considerations section:

“Single Sign-On (SSO): A growing problem in the social media world right now is identity proliferation. With some notable exceptions that accept OpenID, most sites still require you to create yet another account in their system (or identity domain). In most enterprises, a fair amount of effort has already been expended on establishing single sign-on through the intranets’ LDAP registry. It would be highly desirable to leverage this capability to enroll employees in the microblogging system. So, an enterprise microblogging solution must have flexibility in adapting to existing ID and sign-on registries.”

Then further down:

“Security: This will probably be of paramount concern at least initially in most businesses. Most corporations are very aware of keeping internal communications safe from prying outside eyes. An enterprise microblogging solution must provide for fine-grained authorization and trustworthy security of communications. Management, through the IT department will want to be able to restrict who can see certain posts.”

Some would say that the beauty of Twitter is its lack of walls. Granted you can globally secure your updates so that only those you approve may see them or leverage the DM feature to send private messages, but for the most part communication is done in the clear for all the Twitter community to see. But when discussions turn to private topics like corporate strategy and departmental policies, the need for enterprise microblogging to be secure becomes paramount. In other words, you don’t want that jab about a competitor’s product to become public because the person who made it was foolish enough to set their password = “password”.

So how secure are these new microblogging tools? A quick check of Yammer’s API Documentation shows the following:

“Authentication is done using HTTP Basic Authentication. The username is the full email address of the user, and the password is the same used to authenticate to the yammer.com web interface.”

It’s the same with Present.ly’s API Documentation:

“Just as with the Twitter API, the Present.ly API can be accessed via HTTP Basic authentication. The primary difference is that there is no data accessible without authentication in the Present.ly API, since the data is all private.”

For those who aren’t familiar with Basic Authentication, Wikipedia points out its main weakness:

“Although the scheme is easily implemented, it relies on the assumption that the connection between the client and server computers is secure and can be trusted. Specifically, the credentials are passed as plaintext and could be intercepted easily. The scheme also provides no protection for the information passed back from the server.”

This entry is not intended to knock Yammer or Present.ly for their API security protocols. I’m sure when their founders set out to deliver their solutions, security was barely a blip on their radars. But this is a security hole that Yammer & Present.ly’s customers will need to address if they want to provide secure microblogging environments for their employees.

If you’re part of an organization that needs help implementing SSO to a microblogging solution, or if you have any other security needs related to microblogging, we’d love to hear from you! CoreBlox has broad experience creating quick and effective solutions to these types of issues, and chances are we could help you figure this out. Drop us a line at info@coreblox.com, or feel free to contact me directly on Twitter.

For those folks who work in the Identity & Access Management space or just have a general interest in this area: what are your thoughts on the security challenges that these microblogging solutions pose? Anything you see that makes their situations unique relative to other applications that are covered by enterprise security?

Faster Than a Speeding Bullet

Friday, September 12th, 2008

I recently had an experience that demonstrates the power (and speed) of social media relative to mainstream media. I thought it would be worth documenting here for posterity’s sake.

Yesterday morning my Twitter pal @MikeLangford sent out this tweet:

Fearing the worst since it was the 9/11 anniversary, I immediately jumped on CNN.com for the story. Nothing there. I went to Boston.com. Same thing, nothing about the Chunnel.

Then I wondered to myself, “How long is the Chunnel anyway? Do only trains pass through it?”. I wanted to get a better sense of what this problem could mean, so I googled “Chunnel” and the first result was the Wikipedia entry. I scrolled down and much to my amazement, the Wikipedia entry already included a reference to that day’s fire!

Wow. Before one of the largest and most respected news agencies in the world (CNN) even had a mention of the story, the internet’s de facto encyclopedia had already documented it!

Next I realized “Duh. You found out about this on Twitter, so why not search Twitter to see if there’s any other information?”. Turns out there was already a buzz in the Twitter community, and I found this tweet from a news agency in Denver stating that the fire had been contained:

There was no mention of terrorism, so I was relieved. A couple of minutes later a large headline appeared on CNN.com, and they’d go on to publish the details of what the Denver story had stated.

I realize there is more to the scenario I’ve described. The reason CNN has come to be one of the most respected news agencies in the world is because its writers and editors are tasked with confirming a story before it is reported. But like it or not, Twitter has become my main source for breaking news. If I need to separate fact from fiction later on when the “legitimate” news source comes out with the story, that’s a tradeoff I’m willing to make.

Of course, the next logical question is how a national or world emergency like 9/11 would have transpired had a service like Twitter been around. Unfortunately, we Twitter users already know the answer to that:

Twitter Fail Whale

It pays to tweet up!

Thursday, August 21st, 2008

Lately the CoreBlox team has been making a push to be more visible and interactive with our Facebook user base, our colleagues in the Identity & Access Management (IAM) space, and the social networking community at large. Some of the new places you’ll find a CoreBlox presence include:

Based on this excellent post from Joel Postman of Socialized, I learned that merely establishing a presence isn’t enough. According to Joel, we should:

“Explain why you are on Twitter and who is responsible for your company’s presence there. Consumers want to talk to a ‘real person,’ and not a bot.”

The short answer to the ‘why’ is that we want to network and grow our business, and we’re convinced that the way we’re going to get maximum traction with anything we do (especially our social apps) is to be as visible and accessible as possible.

As for the ‘who’: I’ll be handling most of our social web interactions for CoreBlox with some much needed assistance from my colleague Dave Saraiva. In addition to maintaining the CoreBlox presence, Dave & I are both on Twitter talking about our kids, music, sports, and the things we’re passionate about in our daily CoreBlox lives.

Our investment in a social presence is already paying dividends. Earlier this week our I Have Kids application was featured in the popular mommy blog MommyGoggles.com. Yesterday I was thrilled to receive this tweet from Mass High Tech, a popular and well-respected regional trade journal:

Tweet from @MassHighTech

If you’re out there reading this and haven’t done so already, please take a moment to connect with us! Hopefully this post has erased any questions you had about how to do so. :-)