web hosting

Twitter Lists and Business

The latest feature rolled out by Twitter is lists.  This new offering by Twitter allows users to create lists of specific Twitter users.  Believe it or not, Twitter lists can be helpful to the business web site owner.  After all, social media has been proven to be a boon to the online business owner.

How Twitter works for business

As social media outlets go, Twitter is quickly becoming one of the more popular micro-blogging sites around.  The list of businesses currently using Twitter in one fashion or another is constantly growing.  Comcast, JetBlue, and Dell are just a few companies that realized early on that Twitter has great potential to help them get in contact with and support their customers.  Comcast is a perfect example of how a business can use a micro-blogging service to give fast and courteous service to their existing customers as well as garner new business by word of mouth from happy and support customers.

How Twitter lists work for business

Once a business has set up their Twitter account, it is very easy to start racking up the number of users being followed.  At last count, the official support Twitter account for Comcast has over 32,000 users it’s following.  Trying to keep track of that many conversations at once is completely impossible.  So, what is the solution?

Simple – Twitter lists.  Creating a list is a very quick and easy process.  Log into Twitter and click on the “New list” link found on the right-hand side of the web site.  A new window will open up where a name can be typed in as well as the type of list it should be (private or public).  Once the list is created, it’s then a simple matter of going through the “following” list of the account and adding members to the newly created list.

One great example for a business use for a Twitter list is a company that has offices and customers across the states.  If this business wished to group its customers by area, lists such as “northwest_customers” or “Oregon_clients” could be created.  Then, support teams could have direct access to specific customers based on geographic location.

Taking it one step further

Twitter has made it convenient to include user lists within web sites.  By going to the Goodies – Widgets area, one can find the easy to customize Twitter list widget.  Once customized, the code then can be grabbed and integrated easily within a business web site.  This widget provides a quick way to keep tabs on customers and makes it very simple for new customers to join in on the conversation.  The list widget can be placed on a front page of a web site or even within a support section.  Either way, including this bit of coding is a perfect way to generate more business.

Conclusion

Including Twitter within a social media campaign is a smart move.  Twitter is continuously adding new features to make the experience of micro-blogging easier.  The latest addition of Twitter lists is a splendid way to monitor topics and people who matter most and a great way to keep in contact with and give support to customers and clients.

Introducing the IntelBuilder CMS

Content management tools can do a lot these days, but few are able to match up to the exceptional default capabilities of IntelBuilder.  This software acts as a CMS and social media platform, offering users the best of both worlds when it comes to content publishing and serving as a viable web application framework environment.  Here is an overview and a little more on what IntelBuilder has to offer.

The Content Management Aspect

The IntelBuilder content management system is developed and maintained by software creator Vesta Digital.  Like most CMS products, the software has the ability to create and manage basic content.  IntelBuilder is geared more towards the inexperienced user, designed to be easy to use and managed.  It makes it simple for administrators to add and edit existing content, delete content and add an unlimited number of pages to a website.  Some of the most notable benefits IntelBuilder offers include:

- Built for search engine optimization with SEO-friendly URLs and meta data management.

- Cross web browser compatibility

- Automatic submission to major search engines.

- Built-in support for Google Analytics

- Integrated reporting and web statistics.

In comparison to other proprietary commercial CMS products, IntelBuilder distinguishes itself through ease of use, a rich set of features and a high level of global compatibility.  Being a new solution, it is uncertain whether IntelBuilder will evolve into the award-winning content management solution its developers think it will be, but so far, it appears to be simple and powerful enough to suit the needs of most users.

The Social Media Aspect

IntelBuilder offers a social media platform that enables users to achieve a goal that is becoming increasingly popular on the web: being able to effectively distribute content.  Once your content has been published, the platform lets you distribute it over popular social networking sites like FaceBook and Twitter as well as social bookmarking sites such as Delicious and Digg.  It also allows you to send out content to major guns such as Google News and other prominent news and media outlets.  IntelBuilder gives you the ability to effectively manage your audience of readers and subscribers along with tools for monitoring your website traffic and statistics.

Price and Availability

In all honesty, the features and capabilities mentioned in this article can be obtained from a number of CMS products through various add-ons for free.  However, when going with a proprietary solution such as IntelBuilder, they will cost you some real money.  The software is available in a variety of pricing plans with the most affordable coming at $49.95 per month with a one-time setup fee of $295.  The platform is module heavy and very extensible, but the default installation comes with features such as a text editor, site map, RSS news, search functionality and Google Maps among others.  IntelBuilder could turn out to be worth every penny but before making an investment, we recommend examining the product a little closer to determine if it can suit all of your content management and social media needs.

Is Cloud Computing Behind the Twitter Hack?

The cloud is one of the hottest topics in the world of network computing and more recently, IT hosting and e-commerce.  Though it has proven to be a cost-efficient technology, the cloud does not come without flaws, especially if the latest high-profile internet security breach has anything to say about it.

The Infamous Twitter Hack

What is being dubbed as the “Twitter Hack” has some questioning whether security is an issue for the phenomenon that is cloud computing.  The incident that sparked the debate was actually the hacking of a Google Apps account belonging to a Twitter employee.  It has been reported that the exploit occurred because one of Twitter’s co-founders create a password for Google Apps that was easily guessed by a hacker.  This in turn, enabled the hacker to access the user’s personal information, including the data on his wife’s personal computer.

A War of the Words

Andy Cordial, managing director of data storage solutions firm Origin Storage, stated that a large number of companies and their employees are becoming victims of the cloud.  Cordial’s logic is that because cloud computing is so prevalent, businesses are being rushed into it and forced “to adapt their IT security systems on the fly.” He remarked that Origin Storage saw the shift in the business industry on the horizon and that all the security “breaches occurring on the cloud front” is proof that there are discrepancies that still need to be resolved.  Although the cloud shouldn’t necessarily take all the blame for the most recent debacle, the news isn’t certainly isn’t making anyone feel any better about the overall security of Twitter or Google Apps.

Evan Williams, the Twitter co-founder who essentially caused his wife’s Gmail webmail account to be compromised, explained to blog site TechCrunch, that the hack was absolutely not due to a lack of security on the part of Twitter.  However, Andy Cordial stressed that if Twitter would have paid more focus on security rather than growing their user base at all cost, the company wouldn’t be in the midst of a such an embarrassing situation.  Cordial added that implementing encryption into an organization’s data storage arrangement, be it in on or off the cloud, will ensure that information stored on the server and in transit is protected from malicious intent.  His final shot at the Twitter co-founder was that creating a secure password on top of encryption and sound corporate policies would have likely prevented the matter.  However, it should be stated that it was personal user accounts, not business accounts that were compromised.

Who’s to Blame?

Who should take the bullet for the so-called Twitter Hack?  Is it really the fault of the cloud, or should blame lie with Google apps or the victim?  While it is probably a good combination of all parties, one would think that a co-founder and active member of what is arguably the most popular social networking platform of the moment would have the know-how to be a little more responsible.   In any event, this breach probably will not convince many of the users who are still concerned about internet security any time soon.

The Insecurity of Web Upload Forms

Convenience aside, allowing anonymous visitors to upload files to your site is pretty much like opening the gates and telling malicious users it is okay to compromise your server.  This puts you, the website owner, in a very tough position when considering that such permissions have become a commonality on today’s internet and has proven to increase business efficiency.

Having the ability to upload files is a regular occurrence on social networking sites such as FaceBook, MySpace and Twitter as well blogs, forums and online banking sites.  This feature is also prevalent in corporate portals as it allows end-users to share files with business employees.  In these environments, users are permitted to upload documents, pictures, music, videos and several other types of files.  The more functionality an end-user is provided with, the greater the probability of creating a vulnerable web application.  It is a known fact that many internet users abuse their privileges to gain access to a specific site or compromise a web server.

During recent tests, security experts have discovered that an alarming number of widely used web applications are not making use of secure upload forms.   According to their findings, many of these vulnerabilities were easily detected and exploited, allowing experts to gain full access to the file system on the web server hosting those applications.   Most of these vulnerabilities were the direct result of improper security configurations, essentially permitting intruders to roll right in.

Viable Solutions

Below is a list of practices you or your system administrator should enforce when file uploads are allowed to your website or web applications:

- Create an .htaccess file that only permits access to files with allowed extensions

- Do not the put the .htaccess file in the same directory where the files uploaded by users will be stored.  This file should be stored in the parent directory that your visitors do not have access to.

- The average .htaccess file that only allows files such as jpg, jpeg, gif and png files should include the following lines:

“deny from all

<Files ~ “^\w+\.(gif|jpe?g|png)$”>

order deny,allow

allow from all

</Files>”

These lines can be adjusted to suit your own personal needs.  Editing the .htaccess file in this manner will not only assure that only these file types are allowed, but also protect you from double extension attacks.

- If at all possible, make sure the files uploaded by users are placed in a directory outside of the server root.

- Do not allow existing files to be overwritten.  This will prevent exploits such as the .hataccess overwrite attack.

- Do not rely solely on client-side validation.  This is simply not enough to ensure an adequate level of security.  It is advisable to implement both client-side and server-side validation.

Conclusion

There are several ways a malicious user can bypass the security configurations applied to a file upload form.  When incorporating such a feature into your web applications, you should make it a priority to follow the best security practices and put them to the test on a regular basis.  While this requires a considerable amount of security expertise, it is worth every bit of time to make sure your website is protected.