Featured Blogs
Welcome to the Linux Security Blog section! We continually scour the blogosphere to find informational and well-written blogs that cover Linux and Security. To give you a better idea of how we come to our choices here's some of our criteria:
Must have Linux/Open source as a component in >50% of all posts.
Must have security as a component in >50% of all posts.
Must be updated at least twice a week. We are looking for blogs, not conveniently updated sites. This is tracked, and if no post is made for 2 weeks, we remove it.
Additionally, each month, we will feature three of the best stand-out blogs for each month, highlighting the best of what the Linux and security Blogosphere has to offer.
Feel free to contribute one of your favorite sites by sending an email to contribute@linuxsecurity.com
Download full version of Codeweavers software for free - One day only
Download the full version of Crossover office and Crossover games for Linux and Mac. And get a legit serial number with one year support thrown in for free. Just for today. Courtesy: Codeweavers.
Free wallpapers for portrait monitors
Beautiful wallpapers for normal monitors are dime a dozen. In fact you will find links to quite a collection of wallpapers right on this blog. So what is unique about this set of wallpapers you might ask.
The USP of this collection is that it is optimized and targeted at portrait monitors ...
Kingston unveils 32GB Linux friendly USB drive
Recent advances in storage technology has made it possible to literally carry all your data in your pocket. Kingston - one of the major global players in the USB storage and memory market with more than 2,000 memory products in its offing, has unveiled a 32GB USB flash drive called "DataTraveller 150".
A vulnerability in the Snoopy library was announced today. WordPress uses Snoopy to fetch the feeds shown in the Dashboard. Although this seems to be a low risk vulnerability for WordPress users, we wanted to get an update out immediately. 2.6.3 is available for download right now. If you don't want to download the whole release to get the security fix, you can download the following two files and copy them over your 2.6.2 installation.
The hole is located within the page stnl_iframe.php: the parameter newsletter is not correctly sanitised, so the plugin is prone to this attack. Currently we're not aware of any fixes; users should disable the plugin in the meantime, or fix the problem themselves. According to r45c4l, the issue is not limited to a particular version: nearly all previous versions and the current 2.2.81 are vulnerable.
This is considered a HIGH RISK vulnerability.
Credit: The hole was discovered by r45c4l.
More Info: An exploit has been made available on milw0rm
Multiple vulnerabilities in WP Comment Remix 1.4.3
Express Scripts Offers $1million Reward for Cyber Extortionists
This is an interesting story, I’ll be watching how it develops - it’s not often you see a bounty for online crimes and especially one as enticing as 1 million dollars!
That’s a hell of a sum for nailing down some dodgy hackers who are running an extortion scam after a data leak.
I really wonder where [...]
Read the full post at darknet.org.uk
Samurai Web Testing Framework - Web Application Security LiveCD
The Samurai Web Testing Framework is a live linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites. In developing this environment, we have based our tool selection on the tools we use [...]
Read the full post at darknet.org.uk
WPA Wi-Fi Encryption Scheme Partially Cracked
Well WEP came down long ago, it was only a matter of time before the standard that succeeded it fell too - WPA. The big news last week was that WPA has been cracked finally, it’ll be discussed this week at the PacSec Conference.
After the insecurity of WEP was exposed the majority of routers and [...]
Madoff, a prominent Wall Street Hedge fund manager, has admitted to running a $50 Billion Ponzi scheme.
While law enforcement has been quick to react, the revelation came when Mr. Madoff confessed to an associate. While rival Hedge fund managers had been suspicious that Madoff's results were too good to be true, THE REGULATORS HAD NO CLUE.
Years ago, there were many warnings on and off the Hill. Regulators, economists and many others sounded the alarm that allowing an entire financial industry to exist without regulations was a bad idea. However, the standard responses were: regulations are bad, the market will police itself, we can trust our Hedge fund managers. Well, look at what has happened. AIG failed to accurately assess and hedge their risks. Dozens of financial institutions have gone under and hundreds more are at risk. Hedge fund managers have admitted to running a crooked game.
The lesson is clear, systems and the people who work within them are not self-policing. Shocker. I am sure Machiavelli and Juvenalis are laughing at the continuing naivete of the human race.
Now, right now, we have a very similar pattern emerging in information technology. Institutions around the world are virtualizing like crazy. IT is deploying the vast majority of these virtual infrastructures without any of the protections I recommend here. PCI, HIPAA, SOX, you name it: these IT groups are putting sensitive data about you and me, valuable data worth billions of dollars, at risk.
Where are the Guardians?
The Guardians are out to lunch, they missed the memo, they drank the Kool-aid from the platform vendors.
Current theories center on the likelihood that a Check Free employee got suckered by a phishing or straight-up social engineering attack.
I'm going to hazard a guess that this was a spear-phish or more targeted form of attack. A quick search of Linkedin, Facebook and other social networking applications finds a treasure trove of CheckFree/Fiserv employees.
It's a small step to go from these links to a targeted attack against Fiserv IT staff.
However, as the article notes Fiserv was not the only target in this attack and Financial Institutions (FI) are dangerously reliant on a single registrar.
My recommendations:
FI's and others must monitor and protect themselves from domain hijack -- I recommend Pharming Shield.
Get social networking applications out of the data center; IT personnel must not use corporate resources (including email) to access these sites.
The Financial Industry is at risk from a single-point of failure at Network Solutions. This must be addressed through community efforts and directly by the platform providers.
Happy Holidays!
Virtual Security and Compliance Webcast
Recorded last week, go here to register and listen (sorry, the sound is ahead of the slides, I am trying to get that fixed).
Shout out to Tarry and everyone else who participated.
Browser Speed Test Revisited: Webkit Still The Best And Rips Opera 10 Alpha A New One
In my last browser test I was criticized, and rightly so, for running browsers on different OSes and comparing results. The argument was that some browsers perform better than others on certain OSes, regardless of the hardware. The assessment is right; I have seen webkit powered browsers perform ~25% faster on Mac OS X, while Firefox nightly is ruthless on a linux distro. So in this round we added two more browsers and tested all of them natively in windows and as expected Firefox Minefield performed poorly.
Machine and OS used?
Intel Core 2 Quad q6600 @ 2.40GHz with Windows Vista SP2 v.113 Build 6002 (Screenshot).
Why Javascript and why Sunspider Benchmark?
To some estimate javascript is used in more than 2/3 of the websites out there and Sunspider is the most comprehensive javascript benchmark test with the most real-life testing conditions. (read info).
Why it matters?
It doesn’t matter if your web use is limited to watching babies laugh on youtube; but as more and more applications are getting web-based, heavy users, like yours truly, are spending increasingly more time on web-based applications. This was one of the reasons behind the release of open-source Chrome by Google, “To make the web a bit faster”, and why developers are spending more time trying to get every bit of juice out of their javascript engines like “V8 for Chrome”, “SpiderMonkey for Firefox”, “SquirrelFish for Webkit” and “futhark for Opera 10 Alpha” (with presto 2.2 Rendering engine).
The Result.
As expected, open source webkit engine is still quite a few steps ahead of its nearest competitor and winner of this benchmark. Unfortunately we couldn’t use the latest build of webkit as it was only available for OS X; yes we could have used the source and compile it - but not knowing which compiler and which optimization options were used (yes it matters!) to get the fastest build; we decided not to take the chance. Either way Webkit won so it doesn’t matter.
Firefox performs really badly under windows compared to both OS X and Linux based distros. So as expected Chrome performed better on its home turf; to make matters worse, the latest nightly build of chrome (5.155) actually performs quite a bit better than the previously tested version (4.154).
Opera took more than double the time of webkit to finish this benchmark, not to be left behind; IE 8 Beta 2 took double the time of Opera to finish the benchmark.
Graduate From A Wubi Install To A Dedicated Partition
So you took my advice and installed Ubuntu with help from the best thing since LiveCD (Hint: Wubi), and now that you are happy with your experience with a “safe” install of Ubuntu, the next logical step would be to have a dedicated install on a separate partition or even better move your existing wubi install to a full fledged install of Ubuntu. (The third logical step would be to remove windows altogether and only have Linux installed in your computer, but we will take one step at a time to de-toxify years of windows usage). Purely performance wise you won’t see much difference when you move from a wubi install to a dedicated install - considering that you have a fairly fast hard drive and that your windows partition is not heavily fragmented. However, moving to a dedicated install does give a better safety net in case of hard-reboots or upgrading to a newer version of Ubuntu (I never had problems with upgrading, but some users did).
Transferring a wubi installation is possible with the help of LVPM (Loopmounted Virtual Partition Manager). It is advised that you create two new partitions prior to using LVPM to transfer your Wubi settings: one partition for your actual Ubuntu install and a second one for swap, to avoid accidentally writing over your root partition.
Step 1: Download and install LVPM, after you have created two partitions and booted to your wubi installation.
Step 3: Select the newly created partition. Know your drives. DO NOT select root partition unless you want to get rid of windows completely (which is fine by me).
Step 4: Wait for LVPM to do its work, as it formats the partition - copies your wubi installation - installs GRUB and reboots to your new dedicated Ubuntu install.
Pat yourself on the back; you just took one giant step towards total freedom. :)
Firefox Nightly Beats Chrome in Speed And Webkit Nightly Eats Them For Breakfast.
We already knew that Firefox nightly beats Chrome in speed; the gap is getting wider with the latest Firefox builds (3.2a1pre). While Google Chrome uses webkit as a layout engine, it uses its own javascript engine called V8. On the other hand webkit developers are quietly tweaking away at its SquirrelFish engine for javascript speed increase.
While there will always be fanboys who prefer one browser over another (where the hell is my Opera on webkit?) - the one thing that we can agree on is that it's a winning situation for everyone as all these rendering engines, javascript engines and, in the case of Chrome and Firefox, browsers are open source. The one with the largest browser market share is not anywhere close in terms of speed or standard compliance. Their dominance in market share will not last for long either.
Update: Should have mentioned before. All used the same hardware, a macbook core 2 duo with separate installs of vista and Ubuntu with bootcamp along with OS X of course.
False security can lead to real performance problems
The Obama-Biden transition team promised last Monday, Dec. 8th, that most policy documents from meetings with outside groups - i.e., lobbyists - would be posted on the Change.gov Web site.
By Wednesday, Dec. 10th, this policy already saw some interesting results. David Kravets over at Wired's Threat Level blog pointed out that the site has already published a paper detailing the requests of the MPAA's lobbying organization, which include requesting filtering information from technology companies.
We're not against the MPAA using the means available to protect their intellectual property concerns, but there are two problems with filtering: false positives, and performance degradation.
This is also a recent problem; in October of 2007, Google launched a copyright filter for the YouTube Web site. It, too, has many false positives. For example, a fan production of the reality TV show "The Mole" was removed, presumably, because it was confused with the real thing by the filter. Judging from the production values of the fan-film, it's very unlikely that a human censor would confuse the two.
Videos removed for copyright complaint - legitimately or not - have been catalogued (but not archived) at YouTomb, a project from MIT Free Culture.
But YouTube is one, privately operated Web site. Filtering the content as it is uploaded merely affects the time to publish, not the time to distribute. Additionally, videos can also be hosted on competing sites.
If one were to try to use filtering on the Internet as a whole, as the MPAA seems to be lobbying, it is likely that the results would be similar to the results of the tests run by the Australian government - where even the best of filters degraded network performance, and the better the filter was at avoiding false positives and false negatives, the more performance degraded. Even the best filter wasn't very effective.
The lesson to learn from all of this is that too often, measures taken in the name of "computer security" - even if it's to instill a false sense of security - can have serious impacts on network performance. For this reason, those in the enterprise responsible for making sure that networks remain secure and those responsible for making sure that applications remain responsive absolutely need to coordinate efforts.
Information Asymmetry and the Art of Subcompact Maintenance
My car, a Ford Taurus from 2000, with 120k miles on it, is dying. The check engine light went from a manageable steady golden hue, indicating need of expensive repair, to intermittent blinks which indicate that death is imminent.
Coincidentally, this is also the general state of the American automobile manufacturing industry.
The trade-in value is less than what it would cost to repair, so I've decided to buy a new car.
It's my first time buying a new car, as all the other cars were given to me by relatives as hand-me downs. I'm running up against a familiar nemesis, however, and that is information asymmetry.
That is, the dealers know a hell of a lot more than I do about how this works. For example, I couldn't figure out why all the local dealers were charging $15k for a car that has an MSRP of $14k. (Turns out that all the cars of that brand go through a wholesaler who adds options.) Also, it's either an urban legend (or inapplicable with my insurance company) that red cars cost more to insure than blue ones. But I was misinformed about it until just recently and that artificially limited my options.
Stephen Dubner and Steven Levitt wrote extensively about this in Freakonomics and I'd be happy to quote the relevant passages. I can't, however, because I don't trust my current car to make it all the way to Barnes & Noble and back.
What I can take comfort in is that compared to a few years ago, I am at least more informed than I once was, being able to look up MSRP, Invoice price, and average sale price on the Internet. In fact, between Edmunds.com, KBB.com, Caranddriver.com, Yahoo Autos and various auto blogs, I'm probably in a better shape, information wise, than my father when he bought his first car - and Dad was a mechanic as a teenager.
Similarly, enterprise customers who use network service providers need to have visibility into how the services are actually performing. Are they living up to SLAs? Is the service provider having performance problems that are affecting your applications? Without the transparency, there is an information asymmetry and the service provider has an advantage over the customer.
There are several different ways to address this. One, you can keep some amount of network performance monitoring in-house to validate contracted performance. Another route, which is gaining popularity with service providers that are differentiating their services and adding more granular, performance-oriented offerings, is to provide their clients with their own view of network performance.
Either way, sharing data and context between client and service provider removes the asymmetry, building trust for the client and potential new streams of revenue for the provider.
Will networking bear the brunt of IT cuts?
Thomas Nolle at ComputerWorld (via NetworkWorld) suggests that not only will the economic downturn affect IT budgeting, but that networking, in particular, will take a harder hit than the rest of IT.
The logic goes something like this: when the first tech bubble burst in the early 2000s, IT spending shifted from networking to computer systems and software. To quote Nolle:
The fact that the point where the shift occurs corresponds with the previous major economic downturn raises some legitimate questions about whether networking might not take a further hit in the current slump, as well as questions of what might be done to prevent that.
That is one theory.
But I think it's simply more likely that there were other factors that precipitated 2000s IT spend shifting to computer and software expenditures.
For example, 1999 and 2000 were the years of the Y2K scare. (I still believe that Y2K will, of course, eventually kill us all. It just didn't happen on New Year's Eve, 1999, because everyone knows that Y2K will strike when you least expect it...)
To prepare for Y2K, companies spent millions on upgrading their entire IT departments to newer equipment that was "Y2K compliant." It makes a bit of sense that more was spent on the desktop than in the network - there's only a handful of data centers but tons of workstations.
Additionally, Windows 2000 came out in February of 2000, with Windows XP soon after in October 2001. Both OSes provided a more stable, and thus, more business-friendly computer working environment - so companies might have a compelling reason to upgrade.
Or, consider that prices for desktop computer hardware, already on a deep decline, started hitting very low prices, comparatively, around the same time - computers were becoming so cheap that there were companies that would give you a computer with 2 years subscription to an Internet service. At those prices, computers could be given to every employee instead of only the most savvy. Also, 2000 was when early graduates of universities in the Internet era were out looking for jobs - and these graduates knew how to use PCs, which justified the cost.
So I think that perhaps Nolle might be confusing correlation and causation. Then again, Nolle may be right and I might be confusing correlation and causation. Then again, correlation and causation might be causing confusion. (Then again?)
Additionally, the networking environment of 2000 is very different from 2009. How many applications did your company have on the network in 1999/2000? How many does it have today? Can you even count that high? 2000 was before the advent of Salesforce.com and other SAAS products that depend on network connectivity - back then, you were just as likely to e-mail a file as you were to copy it to a floppy disc.
And let's not forget the point about the number of people working remotely, which will actually be more important as companies shrink campuses.
However, that doesn't mean he's necessarily wrong about some of the points later on in the article. For example:
The question we might ask is why networking couldn't capitalize on the attention it received. The answer, I think, lies in the stuff that binds networks to applications. The pivotal point in that critical issue came in the early 1990s, when IBM's Systems Network Architecture was supplanted by TCP/IP. SNA network equipment was just too expensive, and enterprises went to the lower cost of TCP/IP instead. The critical thing was that SNA was an application architecture as well as a network architecture, and TCP/IP vendors didn't present application tools... Networking won hearts and minds in the '90s, then lost them again because it didn't offer the whole solution. The application connection to the network was never made by the network vendors, and so IBM and other system and software players continued to control that critical linkage -- and still do today.
We often say, (mostly because we agreed with it when Jim Metzler said it,) that in IT, you either develop applications or you deliver applications. It's all about the applications - because ultimately, layers 1-6 have no purpose unless they're supporting layer 7.
If you're going to have problems with IT budgets during the economic downturn, the best way to weather the storm is to make it clear how the network enables the applications that run on it, and how the applications add to the business's bottom line.
If anything would precipitate a slowdown, it would probably be that for years, during the good times, CIOs have been future-proofing their networks in order to meet increased demand during a time when they couldn't just throw more resources at the problem - that day seems to have arrived, so now they may be looking to finally use the capabilities that they paid for when times were tougher.
Thanks to Chandra Hosek and Steve Harriman for their help in writing this article.
I have been named as one of the 25 most influential people in the security industry....
Jim Harper Responds to My Comments on Fingerprinting Foreigners at the Border
Good comments: Anyway, turning someone away from the border is a trivial security against terrorism because terrorists are fungible. Turning away a known terrorist merely inconveniences a terrorist group, which just has to recruit someone different. The 9/11 attacks were conducted for the most part by people who had no known record of terrorism and who arrived on visas granted...
Microsoft says all versions of Internet Explorer vulnerable to XML attack
The Internet Explorer vulnerability saga continues to unfold. Microsoft late Thursday released more information about the unpatched XML flaw in IE, and confirmed that the vulnerability in fact affects all supported versions of IE, not just IE 7 as had been previously thought. Microsoft Malware Protection Center officials said that the company has seen exploits against the vulnerability in the wild, including attacks against both home and enterprise users.
The exploit sites we’ve seen so far drop a wide variety of malware– most commonly password stealers like new variants of game password stealers like Win32/OnLineGames, and Win32/Lolyda; keyloggers like Win32/Lmir; trojan horse applications like Win32/Helpud along with some previously unseen malware which we generically detect as Win32/SystemHijack. We fully expect the variety of malware being dropped by this exploit to broaden as the exploit code starts to circulate around the Internet underground.
This issue could impact you even if you avoid surfing questionable sites. Over the past few months, we’ve seen a surge in SQL injection attacks which enable miscreants to inject content onto trusted sites (we even blogged about the technique a few months ago). This class of attack, along with other more classical forms of website intrusion mean that even trusted sites can end up serving malicious content causing you to get infected.
Microsoft’s Security Response Center has added more information about the attacks and workarounds to its advisory, as well.
We've also added additional workarounds to the advisory and updated our guidance to recommend that you evaluate implementing two of the workarounds together for the most effective protection. Specifically, we're recommending both setting the Internet zone security setting to High and using ACLs to disable Ole32db.dll. Our research so far has shown that these two steps together provide the most effective protections for this issue.
Microsoft releases advisory and workarounds for IE 7 XML flaw
Microsoft has released a security advisory with a suggested workaround for protecting vulnerable machines against attacks on the unpatched XML vulnerability in Internet Explorer 7 that came to light earlier this week. The advisory suggests that customers at risk from the attacks do several things: enable DEP; set the Internet and intranet security settings to high; and configure IE to prompt the user before running active scripting, or disable active scripting altogether in the Internet and local intranet security zones.
Microsoft said it’s seen limited attacks against the vulnerability, and there are numerous reports of working exploits being seen in use. In its advisory, Microsoft confirmed that IE 7 on Vista and Windows Server 2008 is vulnerable to this attack, as are machines running XP SP2 and SP3 and Windows Server 2003. However, the company also said that running IE in protected mode mitigates the vulnerability. Microsoft did not rule out the possibility of issuing an out-of-band patch for the flaw.
We are actively investigating the vulnerability these attacks attempt to exploit. We will continue to monitor the threat environment and update this advisory if this situation changes. On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through a service pack, our monthly security update release process, or an out-of-cycle security update, depending on customer needs.
If the attacks continue to build, Microsoft may well issue an emergency fix, given that they just released their patches for December and it will be nearly a month before the next set of regular fixes are released.
Security chief Window Snyder leaving Mozilla
Window Snyder, the head of security at Mozilla, is leaving the company to help found a start-up venture unrelated to security. Snyder has been at Mozilla for more than two years and has been the driving force behind the company's effort to make security a top priority in its popular Firefox browser.
Snyder's departure is a blow to Mozilla, a small organization that counts on participation from the open-source community for much of its work. Snyder has helped raise the company's profile in the security community and made transparency about security issues a key initiative. The company currently is working on a security metrics project with security analyst Rich Mogull of Securosis that is designed to measure the relative security of Firefox in a number of different ways.
It's unclear who will be replacing Snyder, whose official title never evolved beyond the "chief security something-or-other" she came up with when she was hired. Snyder said she is not yet ready to talk about her new venture, but said it is something she is passionate about. When she joined Mozilla in 2006, Snyder was already one of the more visible personalities in the security community, having spent several years at Microsoft and at @stake before that. During her time at Microsoft, she was one of the key players in the development of Service Pack 2 for Windows XP, a massive security upgrade that was one of the first results of the vendor's Trustworthy Computing program. After leaving Microsoft, Snyder did a short stint at Matasano Security, a consultancy.
Mogull, who has been working on the metrics program with Mozilla for several months, said he’d been impressed with the way Snyder had worked to make security a priority within the Mozilla community. “I think she’s done a great job. I mean, think about the challenge she faced going into that,” he said. “It’s an open-source project and she’s trying to put in a structured security program in an open-source environment. It’s not the same as a commercial software company where you have very rigid processes. It’s a very engaged community and that’s one of the reasons I was so excited to work with her. She broke new ground in combining the technology for developing secure software with a project like this.”
Ravi Sandhu, director of the Institute for Cyber Security at the University of Texas at San Antonio, paints a bleak picture of the state of security research in academia.
"Hot Type": Voice over IP Security
In the latest edition of “Hot Type: Security Books in Audio,” author Patrick Park reveals two of the biggest VoIP security myths around.
Amit Yoran on DHS, federal cybersecurity, enterprise security
Amit Yoran, the former cybersecurity czar at the Department of Homeland Security and a veteran security executive, joins Dennis Fisher to discuss the state of enterprise security, the Obama administration’s cybersecurity priorities and why information sharing between the government and private sector hasn’t worked.
I've been recently writing a Wordpress plugin focused on affiliate marketing and keyword management; think WordpressAffiliatePro but significantly cheaper but similarly featured.
I need people who are willing to install the plugin, test it and give me feedback. In return for doing so you will be given a full version of the finished plugin to use forever. For free.
Send me an email at steven.york@seopher.com if you're interested in being a tester.
The 7 best fat footers used on high profile sites
The fat footer seems to be a design trend for 2008 and rolling into 2009. They're very handy for giving users context within your site, offering another set of navigation to users or just for deep-linking for SEO gains. Here are 7 high profile sites that employ the fat footer effectively:
Darren Rowse has an attractive fat footer where he offers information about himself (as the author), some useful resources and a push towards incentivised schemes. This is more a promotion of his primary purpose (as a professional blogger) than for SEO gain and I imagine it works well for him.
One of the most aesthetically pleasing sites I know, WDW also use a fat footer in a conventional "blog" way; summarising recent posts, recent comments and information about the blog itself. Footers like these are an excellent way to encourage users who have just finished reading content to continue interacting with the site.
Waitrose implement a navigational style footer which doubles up as an SEO enhancer. It allows users to find what they need quickly and effectively with deep-links to the respective sections to ensure search-engine spiders can index the site efficiently.
Online humour-video vendor Break uses a fairly simple yet effective fat-footer linking to other sites within the same network, popular tags and the obvious "about, contact, advertising etc" set of links you'll find in most footers.
A site I consider to be one of the greatest on the Internet has a footer that encourages more interactivity from the user. It lists places where they can continue to get involved (join groups etc), download and use more widgets, get help or see information about Last.fm themselves.
Due to the effectiveness of fat-footers on these high profile sites we're now seeing more and more blogs using them to good effect. I use them here on Seopher.com but also on Distro-review.com too. They're a great way of enticing readers who have just finished reading a post to read something else or interact in a different way.
Think I've missed something sexier than these? Shout at me in the comments.
The 10 best viral marketing campaign videos
Viral marketing is very difficult to do well, but by studying the success these videos brought their owners you should be able to understand what it takes to make a good campaign. Viral marketing may be one of the most lucrative forms of advertising but it offers a ROI unlike any other.
Some of the examples in this compilation show that you can reach millions upon millions of people by spending under $1000. Using websites such as YouTube as a free means of distributing your video means you're not shouldering hosting costs and using Will It Blend as an example, blending an iPhone on film is an inexpensive piece of advertising - but when you're reaching over 6,000,000 people because of it, you need only sell 10 products to reclaim the costs. Here are my 10 favourite viral video campaigns.
Blendtec - Will It Blend?
One of my personal favourites; what was the best way for Blendtec to demonstrate the might of their blenders? Gun for product placement in films? Leverage food channels? No, all they needed to do was blend an iPod, a broom, golf balls and a multitude of other things. This campaign attracted visitors like no other - people loved watching sturdy/expensive items turned to dust by this blender. On YouTube alone the iPhone blending attracted nearly 6 million visitors, the iPod attracted nearly 6 million too, 3 million for a bag of marbles - you get the idea. Sales of Blendtec blenders increased by something like 800% because of this cheap yet moreish campaign. Pure genius. Visit Will It Blend?
Honda - The Accord "Cogs"
I consider Honda's marketing team to be amongst the best in the world because they frequently deliver rememberable, instantly recognisable advertising. This advert that they created for the new Honda Accord became iconic; it didn't need to be subtle in its intentions, the sheer scope of what they accomplished ensured that people were forwarding this advert to each other across the entire Internet. It was shown on TVs worldwide and implied that if Honda could go into this much detail with their advertising, the car must be exceptionally well made. Which they were.
Guitar Hero - Bike Hero
Only yesterday I awarded this marketing stunt of the week because the scope of what was achieved here is just excellent. It was completely unbranded and uploaded as if someone had gone out and done it - it showed a guy using his pushbike as a guitar-hero controller and cycling his way around a track they'd drawn around his neighbourhood. He had to hit the right notes at the right time... It's really quite inspiring to watch. All this video does is raise awareness of Guitar Hero in a positive light, but done in such a clever way that it's indistinguishable from normal user-generated content. It wasn't until someone blew the whistle that it was flagged as viral marketing.
Burger King - Subservient Chicken
This is one of the oldest pieces of viral marketing around, and while it was branded up for Burger King it showed little more than the video of a chicken. What made it viral was the interactivity; you wrote in a message box what you wanted the chicken to do and it would seemingly do it. There were more than 300 different commands that the chicken would act upon with a couple of easter eggs too (excuse the pun). Within 24 hours of launching the campaign had received a million hits, which would top 20 million within a week. In a year it received around 14,000,000 unique visitors and helped promote their new sandwich. The success of this campaign raised eyebrows within the industry and showed the power of viral marketing. Visit Subservient Chicken.
Nike - Ronaldinho Golden Boots
This campaign was unquestionably created by Nike, so heavy the branding and obvious its intentions; yet it had so many admirers just to see the inhuman skills shown by Ronaldinho. Clearly it was fake yet it was done so well that no one could conclusively prove it was. Why was it good? It hinted that by buying Nike boots you too could develop inhuman skill, yet at the same time it was done in a way that made you want to show your friends. That's good viral marketing.
Transport for London - Do The Test
Transport for London created this absolutely astonishing piece of viral video; you're challenged to keep an eye on the video and count how many times the team in white pass the basketball. At the end of the video a new dimension is introduced that forces you to re-watch it - the message this video promotes is massively important and they conveyed it brilliantly. This is a video that I personally sent to 10+ of my friends because it had the perfect combination of surprise and competitiveness to make it viral. Visit Do The Test.
Cadburys - In the Air Tonight Gorilla
This is a campaign that didn't quite resonate with me, but it did with everyone else. A very simple advert created for TV showed a gorilla sitting behind a drum kit listening to Phil Collins' "In the Air Tonight", upon reaching that famous drumming moment the gorilla starts playing the instrument. I didn't understand quite why this advert had such appeal but it really did - certainly amongst children and those 30+. The advert had a very strong presence online and raised brand awareness, clearly delivering a good ROI because this video can't have cost much to make.
Jack Links Beef Jerky - Messin with Sasquatch
A fairly simple premise but executed in a tidy way - short videos showing guys messing with Sasquatch. Nothing overly amazing about these videos but they were mildly amusing and perfectly forwardable and with a few million views on YouTube alone shows that the campaign took off pretty well. While the videos don't have the creativity or vision of heavyweights such as Honda, the fact that I knew the product solely because of the viral campaign shows it works (they're not sold here in the UK - jerky isn't popular at all). Visit Messin' With Sasquatch.
Honda - Difficult is Worth Doing
Honda have the best marketing team in the world (in my eyes) and this campaign showed quite how much effort they put into their advertising. With a slow lead-up for a week or two on TV (small snippets explaining Honda were going to be doing something) they then went all out and broadcast a live advert with choreographed sky-diving. This wasn't quite as viral as their "cogs" campaign but it showed how much time and effort they're willing to put into their advertising and by proxy, how much time and effort goes into their products. It didn't matter that they didn't advertise the fact that they sell cars, because Honda no longer need to tell people what they do. They just need to continue to prove how good they are at doing it. Watch the video here.
"So what?" -- President Bush dismissing the role the U.S. invasion played in attracting al Qaeda to Iraq. To our war president it's all the same. Somehow I bet the families of the dead don't feel that way. Incredible.
Why no new posts from me the past couple of days? I'm in the middle of a move -- well, now near the end of it -- from one part of suburban Toronto to another. We have Internet access at our new place, but our computer is on the floor, behind the couch, amid bags and boxes and crates and the like.
Moving is a challenge, as many of you know, and it's even more of a challenge with children, not to mention with the weather the way it's been here recently (cold and snowy until the past day or so), and, well, various priorities have overtaken blogging in recent days.
But I'll be back to blogging this week, and, before long, I'll be back to my normal blogging self.
Thank you, as always, to my fantastic co-bloggers for carrying the load. Keep checking back here for new posts from them today and everyday, and, for more, click on their bylines to go straight to their blogs.
Despite the ignominy of suffering the worst insult an Iraqi can afford, short of shooting him, George W. Bush managed to steal some of Obama's thunder and theme today, and showed that he is still going to either extricate his legacy or go down whining:
The most recent draft stipulates that American forces will withdraw from Iraqi cities by June 2009 and from the country by the end of 2011, and contains amendments made by the Americans in response to Iraqi demands made last month.
"The deliberations are continuing in the cabinet in order to ascertain the scope of the amendments that have been added in order to reach a clear agreement and to see if it is acceptable to parliament," Safaldin al-Safi said. "The American response contained many positive elements, but at the same time it contained clauses that require more discussion," the head of Iraq's parliamentary affairs committee said in a statement Tuesday.
Many would say that this is Bush trying to steal Obama's thunder, and I'm sure there's some element to it. After all, Obama ran directly against the Bush invasion record, a point magnified by Senator John McCain's famous comment that Obama should have run against Bush in 2004 if he felt that strongly about it.
The November election was a clear and direct repudiation of Bush's tactics over the past 8 years and the wrong-headed decision to invade Iraq in the first place. That has to sting any man, but a man like Bush, whose entire Presidency seems to have been predicated on the "Look what I can do, Daddy!" tactics of a four-year old, it must be a very deeply felt rebuke.
Which is why I'm not convinced this is entirely the attempt on Bush's part to leave a "Fuck You" card on the Oval Office desk.
I think Bush, a young man, is facing up to decades of trying to repair not his image, but his self-esteem. It hit that deeply.
In recent interviews that I've watched, Bush seems more introspective, more appreciative of the fact that he made a mess of things -- even if he'll deny the majesty of his bungles and blunders. I attribute this to the November 4 slap in the face. Rightly or wrongly placed as Bush's surrogate, had McCain made it close -- a tight race in the electoral college or the popular vote -- Bush would walk away with his head held high and his self-perceived dignity intact.
It is on this landscape that Bush surveys the damage he has done to American credibility and economic and military strength, and tries to repair the damage he has wrought.
If that is the case, if indeed Bush walks away from the past eight years a man broken of his hubris and braggadocio, then this tiny baby step, too little and far too late, should be credited to him. A nip in his hide against the huge hole he has left in the flesh of humanity.
And if it is not the case, then it should be credited to Obama for forcing Bush's hand. We will not know, but history will be the final arbiter of that judgement.
I'm a liberal, and compassionate, and willing to believe the best in a man no matter how badly he's behaved. I'd like to believe Bush has learned his lesson.