Archived Posts from this Category
How to Tell It Was Twitter Asking You to Change Your Password
Posted by admin on 02 Feb 2010 | Tagged as: Twitter, security, useful info
There’s been some meta-discussion around yesterday’s phishing attack on Twitter (of which I, and many others, were victims) regarding the unwisdom of clicking on an unsolicited password reset link in an email, but there are ways to assure yourselves that such things are genuine.
Every email package I’ve encountered has a function to allow you to see the full headers of an email message; in Entourage on OS X, it’s the “View Headers” command in the “Message” menu. Taking a look at the message (which is identical, from all appearances, to the one Andrew Girdwood received) shows us the following; note the “Received” headers in particular:
Received: from unknown (HELO mail-front4.dca2.superb.net) (66.148.95.125)
    by 66.148.95.31 with SMTP; 2 Feb 2010 05:21:20 -0000
Received: (qmail 84707 invoked from network); 2 Feb 2010 05:21:20 -0000
Received: from mx003.twitter.com (128.121.146.152)
    by 66.148.95.78 with SMTP; 2 Feb 2010 05:21:20 -0000
Received: from twitter-web043 (web043.twitter.com [10.209.32.253])
    by mx003.twitter.com (Postfix) with ESMTP id DF684587210
    for
X-DKIM: Sendmail DKIM Filter v2.8.2 mx003.twitter.com DF684587210
DKIM-Signature: v=1; a=rsa-sha1; c=simple/simple; d=twitter.com; s=dkim;
    t=1265088079; i=@twitter.com; bh=ISzoeDqxeACoknd1YdcwEDZRDOA=;
    h=Date:From:Reply-To:To:Message-Id:Subject:Mime-Version:
    Content-Type;
    b=QPpIZ0gV6a4WZPVALF+WWo3QVbr8HrfEVzCPg4AI9CTmULA9n7iLkNpTAfjxJdsvM
    9ldsItg7386k4hf9b4aTiUYQwOf31EJM4jI5dvGG7S/f40lqgqdxIf4EkJ+wdov2Wb
    8WTmKeuKm1P8AdZ8aE1WbceMpruk4B5BnGYNsi4M=
X-DomainKeys: Sendmail DomainKeys Filter v1.0.2 mx003.twitter.com DF684587210
DomainKey-Signature: a=rsa-sha1; s=default; d=twitter.com; c=simple; q=dns;
    b=3hurpIWY7RHpVLkpad1GNEuzZ8LftciXQP5+G6tQo3Yd5u0jLnFQjLn0TPcluhu9J
    E3qz/hUWZWIfCXFgdzRGA==
Received: from twitter.com (localhost [127.0.0.1])
    by twitter-web043 (Postfix) with ESMTP id D364EBAD19A
    for
Every time an email message passes from one system to the next, a “Received” header is added; you read them from the top down to trace a message back to its origin. So, the first “Received” line, referencing Superb.net, my (excellent) hosting provider, as well as the second, is me picking up the message here at home, in essence. The next line is Superb.net receiving it from mx003.twitter.com, whose IP address is given as 128.121.146.152; we can check that.
Doing a reverse DNS lookup is easy: go to http://remote.12dt.com/, enter the address you’re interested in, and here’s what you get:

So, that address checks out fine. (The 10. address given later for the site web043.twitter.com isn’t useful: any IP address that starts with “10.” is a private one, for internal use, in this case within the twitter.com domain.)
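The same check as a script, added here as an example and not part of the original post: it pulls the “Received” hops out of the headers above, picks the one stamped by the receiving provider about an outside host, and runs a forward-confirmed reverse DNS test on that address. `OWN_NET` (the provider's address range) and the function names are assumptions; the resolver functions are parameters so the logic can be exercised offline.

```python
import ipaddress, re, socket
from email import message_from_string

# "Received" lines copied from the message above (other headers omitted).
SAMPLE = """\
Received: from unknown (HELO mail-front4.dca2.superb.net) (66.148.95.125)
 by 66.148.95.31 with SMTP; 2 Feb 2010 05:21:20 -0000
Received: (qmail 84707 invoked from network); 2 Feb 2010 05:21:20 -0000
Received: from mx003.twitter.com (128.121.146.152)
 by 66.148.95.78 with SMTP; 2 Feb 2010 05:21:20 -0000
Received: from twitter-web043 (web043.twitter.com [10.209.32.253])
 by mx003.twitter.com (Postfix) with ESMTP id DF684587210
Received: from twitter.com (localhost [127.0.0.1])
 by twitter-web043 (Postfix) with ESMTP id D364EBAD19A
"""
OWN_NET = ipaddress.ip_network("66.148.95.0/24")  # assumption: recipient's provider

def hops(raw):
    """Return (claimed_name, ip) per Received header, newest first."""
    out = []
    for value in message_from_string(raw).get_all("Received", []):
        value = " ".join(value.split())            # unfold continuation lines
        name = re.match(r"from (\S+)", value)
        ip = re.search(r"[(\[](\d{1,3}(?:\.\d{1,3}){3})[)\]]", value)
        if name and ip:                            # skips the local qmail line
            out.append((name.group(1), ipaddress.ip_address(ip.group(1))))
    return out

def handoff(raw, own_net=OWN_NET):
    """First hop, reading down, that our provider recorded about an outside host.
    Lines below it were written by the sending side and cannot be checked."""
    for name, ip in hops(raw):
        if ip.is_global and ip not in own_net:
            return name, ip
    return None

def fcrdns(ip, domain, reverse=socket.gethostbyaddr, forward=socket.gethostbyname_ex):
    """Forward-confirmed reverse DNS: PTR name is in `domain` and maps back to ip."""
    try:
        ptr = reverse(str(ip))[0].rstrip(".").lower()
        if ptr != domain and not ptr.endswith("." + domain):
            return False
        return str(ip) in forward(ptr)[2]
    except OSError:
        return False
```

With live DNS, `fcrdns(handoff(SAMPLE)[1], "twitter.com")` performs the lookup the post does by hand, plus the forward lookup that confirms the PTR name is not self-asserted.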
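Note, if you’re especially paranoid, that the message has been signed with a “Domain Key”. This uses public-key cryptography to sign the message so that the recipient can validate it, giving assurance as to its origin and that its contents haven’t been altered. That assurance only holds once the signature has actually been verified against the public key twitter.com publishes in DNS; the header being present proves nothing by itself.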
The “Received” headers are well-nigh impossible to forge, given that the path an email message traverses, up to and including my own computer, can’t all be under a “phisher”’s control. The fact that I was able to validate and verify addresses for the origination of the message gives me some level of certainty that it did, in this case, come from Twitter, and not from a phisher.
And yes, I did work in networking for a number of years.
On Building and Managing a Following
Posted by admin on 24 Jan 2010 | Tagged as: Social media, Twitter
I have managed, over the years, to stake out a bit of a reputation around my office as the guy who’s willing to wade knee-deep into the stuff nobody can quite get their heads completely around. That’s how I wound up, in large part, with the open source-related responsibilities that have been my main area of focus for the past several years.
Accordingly, I got a sort of a gift from my management going into 2010: I’m the official “social media” lead these days, and everyone’s looking to me to figure it out, for the most part. I’ve worked out a few things already, which I believe are helping me, and they might help you, too. Or I might be dead wrong. If so, let me know where you think I’ve gone off the tracks.
One of the keys to succeeding in Twitter, it seems to me—at least in my terms—is in building up first, a solid set of sources of useful and interesting information, and second, a body of folks who are interested in at least reading the things you find interesting, but also (ideally) getting into a more interactive “conversation” around those things.
I’ve come across some tools which, in combination, are proving to be very powerful.
First, Twitter lists. The first inclination I had was to follow everyone and everything that seemed interesting, useful or potentially worthwhile in some way. I now see this as an error. This is what lists are for. I can follow Ars Technica here, or Guy Kawasaki, or Bob Scoble until the cows come home, but it’s not going to make them interact with me. So, I created a list called “News Sources”, added them (and similar feeds and reflectors and such) to it. I can read them all without following a single one. If we do get into a conversation—as I have with a couple of high-profile folks already—I’ll follow them then (as I do with the folks I’ve mentioned). I’ve created similar, topical lists for various areas of interest, and will continue to do so, tinkering with them as need be. An excellent tool.
There’s a philosophical decision about whom one should actually follow. One extreme would seem to be, on the liberal side, to follow anyone who follows you. This ends up entailing a lot of maintenance, it would seem: do you still follow them if they unfollow you? The conservative extreme is to follow only those people you’ve actually met. I’d like to be somewhere in-between, a nice “Middle Way”: I want to follow those with whom I actually have meaningful and useful interactions.
So, second: I’ve found “Friend or Follow” to be very useful in managing folks who I wound up following who aren’t following me back. The display of such folks gives a useful pop-up showing when they last tweeted (so you can remove those who’ve wandered away) and the size of their following (which factors into my judgment on such things, other factors like interaction aside). If they’re interesting, but don’t follow me, I unfollow them and add them to a relevant Twitter list and read them there.
Third and fourth: The best analytical tools I’ve found so far are Twitalyzer and Klout. I use them to take a look at potentially interesting new followers to see if I want to follow them back. Judgments can be made on things like “engagement” and “generosity” on Twitalyzer, which provide an indication of how interactive they are, and how likely to retweet things; on Klout, similar judgments can be made from looking at the “True reach” score on the “Stats” tab. Klout has a nice feature in the form of a four-quadrant breakdown of tweeps into “Casuals”, “Climbers”, “Connectors” and “Personas”, based on audience size and influence. It’s a little rough-and-ready, but it seems pretty indicative, and seems to see through things like large follower counts which turn out to be mostly MLM marketers or bots.
Klout still has some rough edges: they have only added an “Update” capability within the past week, and the “Remember me” checkbox on the login form still doesn’t. That aside, I think it offers some useful capabilities, although at the moment, Twitalyzer is more full-featured.
It’s good—again in my view—to have a healthy follower-to-following relationship. In my terms, that means that (ideally) more people are following me than I’m following back. It’s the 80-20 rule: 20% of the people produce 80% of the valuable content. I want to follow—and interact with—that 20%. If you do, too, this should give you some ideas how to manage it.