Category: Facebook

Facebook 203: Security and Applications

Late last week I got a message from someone who wants to be known as “The Harmony Guy,” saying he had devised a method that could have been successful (eventually) in meeting the terms of the SMUG $100 Facebook Hacker Challenge. Harmony Guy is a social hacker of the “white hat” variety, as you’ll see in his blog, where he publicly exposes security flaws from social networking sites and urges the companies to fix them.

I learned a lot about Facebook security through my interaction with him, and if you click the (more) link, you will, too. Here’s what he said:

Continue reading “Facebook 203: Security and Applications”

Mayo Clinic Facebook Page Highlighted

I was interviewed earlier this month for an article in 1to1 Media about Mayo Clinic’s Facebook page. Here’s an excerpt:

Like any Facebook user, the Mayo Clinic’s page allows the not-for-profit organization to post information about itself, link to its three websites (for patients, consumers, and research and education), display “wall post” messages and photos, offer video and audio podcasts, provide updates on news and events, and connect with friends. Beyond that, Aase says, “what we really hope to have it be is all about people telling their own stories—describing what their experience was like here and connecting in that way.”

The opportunity for patients to directly tell their stories online is an important word-of-mouth component for Mayo Clinic. “Social networking sites like Facebook are one means by which people stay in touch and share experiences,” says Ed Keller, CEO of the word-of-mouth research and consulting firm Keller Fay Group. “Allowing people to express themselves—telling their stories in their own voice to their friends, family, and other members of their social network—is proving to be a powerful way for brands and organizations to join the consumer conversation and to help improve their own brand position as a result.” Consumer self-expression brings authenticity and impact, Keller adds. “If consumers are happy with their experience with the Mayo Clinic, and they tell others, it will undoubtedly help Mayo to grow its reputation and market presence.”

That’s certainly Aase’s hope. “When [patients] are telling their stories, their friends will see that and may be likely to check [us] out,” he says. “That’s like the word of mouth that happens over the back fence.”

Check out the rest of the article here, and thanks to Jason Alba at FacebookAdvice.com for his favorable review.

Update: The Rochester Post-Bulletin picked up this blog alert and published a story today.

SMUG Facebook Hacker Challenge Update

The SMUG $100 Facebook Hacker Challenge, which I conceived in response to a question during this podcast interview, has attracted some interest.

Anthony at AllFacebook put out the all-points-bulletin for hackers to give it a shot. And Goob said

Frankly, I think it’s just a great publicity event. Promise some money if people can do something you’re confident is impossible, let a ton of other sites write about it and link back to you, and sit back and relax. I can [sic] the same thing though. I’ll give $1 million dollars to anybody who can figure out the number I’m thinking of between 1 and 78 gazillion. See, it’s that easy.

And Justin Flowers added, while misspelling my name,

While reading the post, I suddenly realized that I had a similar challenge that I wanted to make, and that, in fact, I was willing to offer more money for mine.

You see, I, Justin Flowers, trust the security at the US treasury so much that I’m willing to offer a $1000 dollar reward to anyone that can break into the US Treasury, and steal $1,000,000 US. If you show me the 1 million, I’ll pay up. I’m willing to double my payout if you bring me a picture of you in a vault at the Treasury.

In their rush to sarcasm, they both Goob and Justin missed the point. The security of the US Treasury isn’t in question, and this isn’t about mind reading. No one doubts whether the banking system is safe from being hacked (even by Danny Ocean and his 10 friends).

But data security for business information is precisely the issue with Facebook. I get the question a lot, as I did on the MindComet podcast:

“If I use a secret Facebook group for business planning, can I feel confident that my data will be secure?”

And that’s the reason for the SMUG Facebook Hacker Challenge. I’m betting $100 that the answer is “yes.”

Do I hope lots of people link to the hacker challenge and spread the word? Yes, because that will help us find the answer to our question about data security in Facebook secret groups. This is a real academic research project.

Unlike Goob, I’m not thinking of a random number for someone to guess. I have a real answer for someone to find on this secret Facebook group, if they can beat Facebook’s group security. It’s right there, in the recent news section of the group. And the information itself is worth a lot more than the $100 bounty.

Yet in the blog discussions of the hacker challenge, one question that’s been raised is whether the $100 prize is lucrative enough to attract the attention of a really proficient hacker. In fact, in the comments on the post announcing the challenge, the mysterious jmprei offered to do it for $1,000. I guess the $100 isn’t enough for her or him.

As a professor at SMUG, I do have the security of tenure (after all, I’m the Chancellor), but since

  • we don’t charge any tuition for our online university, and
  • our University Endowment is…well…zero, and therefore
  • My SMUG salary also is nonexistent…

I’m not ready to raise the ante on my own. (In fact, my wife says the current hacker challenge prize has to come out of my Christmas money.)

So if anyone else thinks it’s worth raising the payout to find out how safe your business-related data would be in a secret Facebook group, here’s an opportunity for you to provide some extramural research funding for SMUG.

I’ve established a PayPal account for the SMUG Research Fund, and have transferred $100 into it. Whoever meets the SMUG Hacker challenge first gets whatever is in the account at the time of the hack.

So it becomes a fun little game of chicken for any hackers who think a $100 prize (and worldwide fame) isn’t worthy of their time and talents. As SMUG students or any interested bystanders make their $1, $2, $5, $10 or larger contributions to the SMUG Research Fund, I will update this post to indicate the new prize level.

I think it may eventually reach the point at which Greed and Fear will intersect for some hacker. They would then have the Deal or No Deal decision to make: Do I wait for the prize to go up and increase the payoff, or do I claim it now to avoid having someone else snipe it?

Please note: None of our 40 students (cool!) should feel any obligation to contribute.  Social Media University, Global is a free university. Also, contributions to the SMUG Research Fund are not tax deductible. But if anyone does want to help advance our practical knowledge of whether Facebook is safe for business data, click here or in the SMUG Research Endowment widget at the bottom of the right sidebar.

smughackerchallengenophotos.jpg

SMUG $100 Facebook Hacker Challenge

hackerchallengegrouplist.jpg

Note: Please read this post to learn what this challenge is about, but there is an update at the bottom.

When Paul Lewis interviewed me about Facebook last week, I said Facebook has lots of promise as a way for businesses to collaborate with key stakeholders without giving non-employees access behind the corporate firewall.Paul asked a common question about whether that would potentially put sensitive information at risk. I said I probably wouldn’t put my bank account and Social Security numbers out in a Facebook group (and certainly no information that would lead to civil legal liability or criminal penalties if disclosed), but that for ordinary business interactions I think the security is strong enough.

So I’m putting my money where my mouth is.

I’ve created a secret group in Facebook, and named it $100 Facebook Hacker Challenge. Here are some screen shots from when I set up the group:

hackerchallengepage.jpg

secretgroup.jpg

facebookgroupsetup.jpg

I’m offering $100 to the first person who can find this group and discover what it says in the “Recent News” section.

But wait, let’s make it really easy. Not only am I telling you the name of the group. I’m also giving you its URL:http://www.facebook.com/group.php?gid=29804935857

And if you can upload a picture to the $100 Facebook Hacker Challenge group, I’ll double your payout, to $200.

Post your answer in the comments below.Meanwhile, if you want to join a group that isn’t secret, and that can help you learn about Facebook and other social media and how they can be practically used in your professional life, enroll in Social Media University, Global (SMUG).

Update: See the latest on the Facebook Hacker Challenge, including your chance to participate in SMUG’s quest for knowledge, here.

Update: No one was successful in meeting the challenge in the first five days. I have now closed this challenge, for reasons that I explain here.

Facebook Internet Marketing VooDoo Podcast

I had the pleasure last week of being interviewed by Paul Lewis of Mindcomet for his Internet Marketing VooDoo podcast. Generally we try to not have “VooDoo” and “Mayo Clinic” mentioned in the same breath, but I met Doug White and Tara Lamberson from MindComet at the Frost & Sullivan conference in Phoenix last month, and they invited me to be one of Paul’s guests.

The interview was posted today, and you can hear it here.

If you’re an Internet Marketing VooDoo listener who is visiting Social Media University, Global (SMUG) for the first time, I hope you’ll read about our school, perhaps starting with our Message from the Chancellor. You can audit a few classes before you enroll, so check out the curriculum. And the best thing is the tuition is free.

In my interview with Paul, I mentioned that Facebook groups can be a great way to create private spaces for interaction with key external stakeholders without giving them access behind your firewall into your corporate network. An example would be managing PR agencies in multiple countries.

Paul asked whether that might compromise the privacy of your PR information, putting it on Facebook before you release it, and so in response I said I was going to set up “The Hacker Challenge” to prove that data in secret groups are secure enough for most basic business uses.

You probably wouldn’t want to use a Facebook group to store launch codes for nuclear missiles, but I think they offer a good degree of security for most other applications.

I’ll be launching the hacker challenge later today, as part of the SMUG curriculum, so you can see for yourself.

Update: Here’s the transcript from the interview with Paul.