Twitter activated vending machine - VIVA Eid Social Media Activity


What kids love the most about Eid?
It’s definitely not the food nor the new clothes… It’s the Eidiya that they look forward to.

For those of you who don’t know what an Eidiya is, it is the money children receive from elder members of the family & their adult relatives on Eid; read more about it here: Eid-ey-yah

How can we turn this traditional/religious event into a social media activity & mesh it with the real world? A twitter vending machine that will dispense gifts/Eidiya once a user follows the official twitter account of VIVA Bahrain (@VIVA_BH) and tweets their favorite moments of Eid.

So how does it work?

All that is required is a data-enabled smartphone & a public twitter account. Parents had to follow the instructions on screen, which basically involve sending an Eid greeting tweet with the #VIVAEidiya hashtag & a dynamic number that appears on screen.

Once the tweet is sent, the machine will look for that tweet & it will dispense a box that has Eidiya.

Different denominations (20, 10, 8, 5, 3, 2 & .5 Bahraini Dinars) were placed randomly in the twitter vending machine, so no one would know how much is inside the box until they open it.

The video was shot @ Bahrain City Centre, the venue where the machine is/was placed.


Online Security Crash Course - Part 1

I am not a security expert nor a hacker, but I've had my share of attacks since 1996.

This post is surprisingly not about computer viruses or trojan horses; it's rather about internet & web application security, which will help you understand the new/old trends hackers use to gain control of or access to private personal information & how to secure yourself against them.

It's worth noting that I won't be getting technical; this post is meant for general internet users.

I'll split this post into two parts:

Part One

  • XSS & CSRF ( aka the twin evils )

Part Two

  • Wordpress Security & SQL Injection
  • Your router & the cafe's


XSS ( Cross Site Scripting )

Cross-site scripting (XSS) attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user.

XSS Demonstrated



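What does it look like?

<script>
// Runs once the page has loaded and rewrites where the first link on the page points.
window.onload = function () {
  var link = document.getElementsByTagName("a");
  link[0].href = ""; // new link target (left empty here)
};
</script>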


What harm does it do?
Depending on the payload & the exploitable site, with XSS an attacker can:

  • Steal your cookie & impersonate you
  • Friend an unknown friend
  • Like a page
  • Follow a stranger on twitter
  • Show a fake login page
  • Basically, perform any action

Did you know that XSS is as old as the browser?


Real life story:
Samy is my hero. In 2005 Samy Kamkar released the Samy worm. Execution of the payload resulted in a "friend request" automatically being made to the author of the virus and in messages containing the payload being left on the profiles of the friends of the victim.


Protection & Prevention:

  • Unfortunately, XSS is a website/code/server-side attack; luckily, modern browsers have basic protection against XSS attacks.
  • Also have a look at noScript
Firefox XSS warning
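
Because XSS is a website/code-side problem, the real fix is for the site to encode user input before putting it into a page. The following is an added example, not code from the original post: it renders a constructed comment modelled on the script shown above in a vulnerable and a hardened way. All function names are hypothetical.

```javascript
// COMMENT is constructed sample input modelled on the payload shown above;
// the href value is left empty, as it is on the page.
const COMMENT =
  'Nice post!<script>window.onload = function() {' +
  'var link=document.getElementsByTagName("a");link[0].href="";}</script>';

// Vulnerable: user text is concatenated into markup, so the browser
// parses the <script> element and runs it with the site's privileges.
function renderCommentUnsafe(text) {
  return '<div class="comment">' + text + '</div>';
}

// HTML-encode the five characters that can change the parsing context.
const HTML_ENTITIES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Hardened: encoded text is displayed as characters, never parsed as tags.
function renderCommentSafe(text) {
  return '<div class="comment">' + escapeHtml(text) + '</div>';
}

// User-supplied link targets also need a scheme allowlist, because
// encoding alone does not make a script-scheme URL in an href harmless.
function safeHref(url) {
  try {
    // The base URL is a placeholder so relative links can be parsed too.
    const parsed = new URL(url, 'https://example.invalid/');
    return ['http:', 'https:'].includes(parsed.protocol) ? escapeHtml(url) : '#';
  } catch (_) {
    return '#'; // unparsable input never reaches the page
  }
}
```
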


Read more about XSS



CSRF (Cross-Site Request Forgery)

CSRF is an attack which forces an end user to execute unwanted actions on a web application in which he/she is currently authenticated. With a little help of social engineering (like sending a link via email/chat), an attacker may force the users of a web application to execute actions of the attacker's choosing.

An attack could be embedded as an iFrame, a form or an image source (hidden) on popular sites.

I'd describe it as a silent XSS: it's a 100% genuine request coming from the victim's browser, and no antivirus, web protection software or browser filter could detect this attack.


What does it look like?

<img src="">

Note: You won't be able to spot the code above in an attack as this lies in the coding part ( view HTML source )

What harm does it do?

  • Query A Bank Account Transfer
  • Add an email forwarder
  • Place an online order
  • Limitless activities


Real life story:

In 2007, Google suffered from a CSRF attack where the attacker could add a filter to forward emails to another email address (email forward), for example forwarding all emails that have attachments.

When was the last time you checked email forwarders?

You are on your own in this! As explained earlier, CSRF attacks are way too legit for the web browser's filters to spot & stop. The site owner/developer should use a technique called tokens to stop this attack; there are of course several ways of doing so from the server side.
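
One way the token technique can work on the server side, as an added example that is not code from the original post: the site issues a random per-session token, embeds it in its own forms, and rejects any state-changing request that lacks it. The session store, request shape and function names are hypothetical, and the scenario reuses the email-forwarder story above.

```javascript
const nodeCrypto = require('node:crypto');

// Constructed in-memory session store: session id -> { user, csrfToken }.
const sessions = new Map();

// At login the server creates the session and a random per-session token.
function login(user) {
  const sessionId = nodeCrypto.randomBytes(16).toString('hex');
  const csrfToken = nodeCrypto.randomBytes(32).toString('hex');
  sessions.set(sessionId, { user, csrfToken });
  return { sessionId, csrfToken };
}

// Constant-time comparison, so the check does not leak how much of a
// guessed token was correct.
function tokensMatch(expected, supplied) {
  const a = Buffer.from(String(expected));
  const b = Buffer.from(String(supplied ?? ''));
  return a.length === b.length && nodeCrypto.timingSafeEqual(a, b);
}

// A state-changing request is accepted only if it carries the session
// cookie AND the token the site embedded in its own form.
function handleAddForwarder(request) {
  const session = sessions.get(request.cookies.sessionId);
  if (!session) return { status: 401, body: 'not logged in' };
  if (!tokensMatch(session.csrfToken, request.body.csrfToken)) {
    return { status: 403, body: 'missing or invalid CSRF token' };
  }
  return { status: 200, body: 'forwarder added for ' + session.user };
}

// Constructed requests. The browser attaches the cookie to both, but only
// the site's own form knows the token; a hidden image or form on another
// site cannot read it, so the forged request is refused.
function simulate() {
  const { sessionId, csrfToken } = login('alice');
  const cookies = { sessionId };
  const genuine = handleAddForwarder({ cookies, body: { to: 'me@example.com', csrfToken } });
  const forged = handleAddForwarder({ cookies, body: { to: 'other@example.net' } });
  return { genuine: genuine.status, forged: forged.status };
}
```
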

If you are done with your logged-in bank account session, just log out; the same goes for other sites. Also steer away from saving passwords.

Try using two different browsers or a VM: one for sensitive web applications such as banks, email & social networks, & one for general browsing.

Also try not clicking on links from untrusted resources & untrusted websites.

Read more about CSRF

It's worth mentioning XHR (XMLHttpRequest) attacks, which give attackers a surface to inject various activities into servers, ranging from SQL injections to XSS. Many known websites such as the BBC, Yahoo, PollDaddy, MySpace & more have suffered & are still suffering from this silent (sorta) attack.

What I have discussed is a little bit scary: silent attacks are not noticeable. It's not like someone has changed your email password or hacked your twitter account; the hackers get the feed of your entire life without you knowing.


Bonus content:  ClickJacking


Stay tuned for Part 2!



Monitoring your brand online with mention

I recorded the following quick screencast to show you how to Monitor your brand or certain keywords using 


how to approach twitter for business

The art of using twitter for business

Many social media resources suggest that you should invest more in your social media optimization programs, yet they don't tell you much about how to cater such platforms to your business needs. They would perhaps show you how to register a twitter account, put up a facebook fan page & a youtube channel, & maybe show you some successful ( videos ) of campaigns run by others... but then what?

If you are a designer, let's say a web designer, you open up your sketch book to start brainstorming and putting ideas together to come up with some sort of wireframes for the project you are working on.
But hang on, you won't be able to do so without a sitemap - meh! In order to get a sitemap you'll have to dig out requirements from the stakeholders; having that in mind will also help in exploring your project's goals & objectives...

Before jumping into the social media wildlife you should put yourself in the visitor's shoes & think like a customer: what's in it for me to join, what is your value proposition? If you haven't thought of it yet then start gathering ideas on how to approach it...

Get to know your customers & what they really want.

I came across this lovely infographic, what makes people want to follow a brand. If you look close enough you'll notice that the reasons are close & almost similar between facebook & twitter.

Using twitter for business is not limited to marketing and promotional activities. Depending on the size of your business/organization there are many ways that you could utilize twitter; different departments such as retention, HR & CSR can benefit from social media.

I attended a social media forum in Abu Dhabi a few years ago, and it seemed that everyone had agreed that there is not a single blueprint on how to approach social media, but now as I think of it there is actually a simple prototype which I have named "the 3 important pillars of social media marketing":


The outer circle represents the categorized type of tweets and the inner ones represent its activities.

  1. Sales & Marketing
    This could be anything from your marketing activities & programs, engaging social media campaigns such as hashtags or a simple boring push notification.
  2. Customer Centric
    Could span from customer support to news about your customers, a simple "how to's tips" or video screencasts would be nice to have as well.
  3. General Info
    PR related tweets, press releases, humanized interactions, personal info etc ...


The same can be applied to facebook; however, you might need to consider a different interaction strategy since facebook & twitter are not the same, & as a result you might find that your twitter audience is different from your facebook audience ... OK, I'll keep that for another post perhaps. :)

I'm all up for a discussion.


SproutSocial Review - A Social Media Monitoring tool

Sproutsocial - what is it?

It is an awesome social media monitoring tool that supports various social media platforms such as twitter, facebook & linkedin...

SproutSocial features:

  • Organize & access social networks in one place
  • Advanced search options, reach more customers, prospects & find what do they want
  • Get the tweet bubble history, get to know what was previously communicated
  • Analytics & advanced statistics
  • and much more.
Watch my review below ( I was editing the sound and I somehow managed to find a new voice ;) )
Funny that it was founded in 2009 but to me it's totally new!

waze a social mobile application

Quickie post

And it's coming soon to Bahrain!

have a look at the video guide & for more information visit

How IKEA used facebook as a showroom

Forsman and Bodenfors turns Facebook tagging into a promotional tool for the opening of Ikea's new store in Malmo, Sweden.

Forsman & Bodenfors came up with another innovative digital campaign for Ikea by turning one of Facebook's basic functions into a promotional tool, to promote the opening of the brand's Malmo outpost, its most modern store to date. Armed with little media budget, the agency came up with an unconventional Facebook campaign that started with a profile of the store's manager, Gordon Gustavsson. Gustavsson uploaded pictures of the store's showrooms to his photo album and any "friends" who tagged the products with their names then won those items.

Source: creativity online

Online advertising in Bahrain

We've all noticed the appearance of online advertising in our country/region which leads to the conclusion that business owners are now realizing the power of the digital medium and the channels behind it.
This also means that they are budgeting for online ad spending, that is on its own an increase in online ad spending in this region.

Unfortunately companies like Zain and Batelco are applying it the wrong way. I'm hereby discarding the IAB guidelines and standards and just talking common sense.

We all know what Zain & Batelco are (at least locally we do), and most of us will find a way to reach their website when we require more information about a certain product or service (7elow?). Depending on what we are looking for, most of us again apply the scan method in combination with the baby duck syndrome, which is frustrating on its own if the information architecture wasn't done properly. Now let's concentrate on the ads bit, shall we?

If you are a facebook user you might have come across a couple of ads from both companies which look like this.

Apart from it being a "misleading ad" (oh well, the usual Zain), when you click the ad it takes you to the index of their website. "BOOM", there you are in front of 7 or more navigation links to choose from, and you have been there before.

So basically they have generated generic traffic ( apart from awareness ) to their website, but what are they doing with that traffic?

I bet a bounce rate of 80% or more occurs on a daily basis because they smack users with the same website, which is not directly related to the ad itself.

Here we notice the absence of microsites or expandable banners where they can collect user information from the ad itself without the need to navigate away from the ad location, or simply link the ad to the related product on the site itself ( worst case scenario ).
You can find out more on ad-format variations on the eye-blaster website.

There are more issues related to their online presence if you look further into new trends such as RSS, opt-in email newsletters/marketing and proper social media optimization/engagement. Did I mention that they are also using tables instead of divs? Oh well, it's all about time me thinks. What do you think?

#SAS microsite integration with facebook-globe of fortune

Smart move from SAS ( Scandinavian Airlines System ). The idea is simple from its name, globe of fortune:
you get to spin the globe ( yeah spin it ) and you might win a free trip to a Scandinavian destination with a random Facebook friend. You will of course be required to give the site a facebook permission ( by signing in ) for it to select your friends; once a friend is selected you need to motivate to SAS ( 200 char max ) why you and your friend should win.

snaps below Linkage here >>