Twitter’s proposed limits could be the death of Twitter

You ever watch a snowball fall down a hill?

As it collects more snow, it gets bigger it collects more snow and moves faster, and as it moves faster, it collects more snow and gets even bigger.

This is the twitter (and frankly every successful explosive growth resource in the past 2000 years) growth and scale-out model.

Now, imagine for a moment that a snowball had a limited amount of snow it was allowed to collect at a limited speed.   It would continue to grow at a linear rate, linear speed and quite frankly might even stop or MELT at the pace it was moving.   That’s not scale-out, that’s called a collapse and melt methodology.

This not only stifles innovation and integration, but it out right cripples an entire community working at growing at hockey-stick sized projections.   The kind of partner ecosystem which promotes growth and self-innovation is what has brought us ultra-successful business models (take Microsoft for example, heard of them?)

However, what it appears they’re taking in this ultra-conservative approach, with little action on raising the bar will go the route of eBay tactics where the community finds itself hands bound and tied, unable to help grow and scale the business, eventually leaving for other opportunities because this ship has sailed, and sadly sunk.

Check out the Social Too entry on this and perhaps Twitter might do something to stop itself from chopping its own head off.

NetApp and Virtualization One Stop Shop!

You ever ask the question “Wow, I wish there were a consolidated place to find everything* there is to find about NetApp and Virtualization?

I ask that question all the time.  The following is a release of my internal notes I’d forward to people when they say “NetApp + Citrix?” “NetApp + VMware” or “NetApp + Hyper-V”

This way, both you AND I have a single place to go look and I don’t have to reinvent my wheel!

Everything you wanted to know about NetApp and Virtualization but were afraid to ask.

 NetApp Virtualization Team Blog – Great resource of information and the definitive source on updates of new documents, TR’s, etc – It is where I’ll update new links like those above from. NetApp Virtualization Team Blog – Great resource of information and the definitive source on updates of new documents, TR’s, etc – It is where I’ll update new links like those above from.

VMware and NetApp

Microsoft and NetApp

Citrix and NetApp

Oracle and NetApp

And some definite –must- reads!

NetApp Storage Efficiency Calculator

NetApp 50% Virtualization Guarantee* (Effective until December 31, 2009)

Top Must Read Knowledge Base Articles (Virt-KB!)

NetApp Virtualization and Twitter!

Yes! I was able to track down the folks at NetApp who are on Twitter, so follow them here!

NetApp Virtualization and YouTube!

  • NetAppTV (Customer Success Stories and other cool videos)
  • NetAppTube (Demos from VMWorld and more!)
  • NTriantos (SMVI, VDI, OSSV and more!) 

NetApp Tools for Virtualization!

And last but not least!

 Vaughn Stewart – Virtual Storage Evangelist and all around great VM Guy! Vaughn Stewart – Virtual Storage Evangelist and all around great VM Guy!

So, hopefully these resources will be useful to you, I know they’re pretty useful for me and I reference them often.   Definitely read the Must Reads, regardless of Virt Solution!

Twitter Phishing Scam with Blogspot – Post Mortem

What are our lessons learned so far from this little Twitter Phishing Scam?

First of all, this involved infecting a single or single groups of people.

Distribution consisted of Infect a person by sending them to a site to capture their credentials.   Once those usernames and passwords were collected, they would then use those compromised credentials to send this same message (via DM) to their followers, and continue the spread.

If Joe has 10 followers and DM’s it to those 10, and those 10 have 10 followers and DM it to the next 10, shortly you’d have thousands who are redistributing this – So long as they’ve visited the site and entered their credentials to be captured.

I see a lot of anger “I’m going to get person ‘x’ who sent me this message!”

It’s not the fault of the sender, not entirely.   They were compromised by a phishing scam, it happens, you should work towards educating them instead of castrating them.  So next time it will be part of their sense to not transmit their username/password to an untrusted site.

How could this terrible thing have happened? Now I hate (BlogSpot, Twitter, Followers)

Don’t hate the player, just be glad that it WAS done this way (a semi-safe site with only a small portion of cookies which get added to your browser)   Here is what could have happened if it were introduced in an effective ‘distribution manner’.

You visit the site, you are prompted for credentials.  Perhaps you’re prompted for credentials, though the better payload would be in the form of Malware, Spyware, Phishing-ware, Password capturers, and a number of other infection mechanisms.

Once this would be done, you’d be able to compromised on a number of fronts and able to distribute this to millions instead of just the few followers you have – Infecting Facebook, your banking account, etc so on and so forth.

What can I do about this in the future?

The universal rule of communication, especially unsolicited is ask yourself a few questions.   Would you visit this link if you were having a conversation with the person? Having established rapport with them while talking? Yes likely.

However the tip here is – Random “auto-dm’s” does not guarantee a reason to visit their link.  Yes a lot of people DO send out auto-DM’s, to the bane of all of us (SocialToo/ChrisBrogan– Thanks for helping limit that exposure!)  However, don’t bane all communication in the future.   If you think someone seriously DID write a funny blogpost about you because the person knows you, definitely do check it out! But in all seriousness, if you’ve not had some kind of established communication with this person to justify it, and let alone it brings you to not a funny blogpost, but to a fake twitter login page – Be sure to question it and use your common sense here.

Oh, and be wary of ever entering your credentials – again unless you explicitly trust the source.

Hopefully this Post-Mortem helps you deal with this situation, I’m still waiting for my self-infected account to start tweeting out to me (Controlled infection) For every problem there will be people looking to exploit it, and others trying to solve and contain it.   I’ll be there trying to find new solutions and rid the world of future exposure as well :)

Good luck, and feel free to follow me if you like :) @cxi

Phishing Scams finally hit Twitter!

Ever been Phished on Twitter? Get ready to.

You might receive a message similar to this:

hey! check out this funny blog about you... http://jannawalitax.blogspot.com/

Going to this page causes a redirect to this lovely site: http://twitter.access-logins.com/login/

image

Wow, that looks like the Twitter login page, however it isn’t Twitter.

Don’t enter your credentials, for you begin to enter into the world of being Phished!

Simply clicking on each of their links results in a broken page as well (That’s not very good phishing!)

Not Found

The requested URL /about was not found on this server.

Even their SignUp link is broken!

Once you enter your credentials you’re passed on to the Twitter.com mainsite and are able to see the basic information you’d see as if you were logging in to twitter.

I created a test account specifically to bring you that information :)

So, beware, and be sure not to visit this site and enter your credentials.

This is REAL Phishing in motion!

FYI: When this operates correctly, it appears to operate in an almost “Worm-like” fashion by infecting one person and then sending the payload “Auto-DM” to everyone that is following the person, so on and so forth while it spreads itself through the interwebs.

I’m still trying to self-infect a test account in order to see it in action, but so far on luck!