Sunday, March 31, 2013

Facebook


Datalogix: Has over 50% market share of the top 100 advertisers and over 90% of the top 50 digital media and ad tech companies. Today it has the world's largest platform of 1:1 offline purchasing data and tracks over $1 trillion in consumer transactions in a wide range of retail settings.

Acxiom: Mainly collects data from the financial services, insurance, information services, direct marketing, and federal, state and local government sectors.

Epsilon: Monitors social networking and online media sites to see what people are saying about a company, advises on markets to target, and helps develop and maintain customer loyalty programs.

BlueKai: Has created an actionable audience database on more than 300 million users (80% of the entire US Internet population).

So what do these companies have in common? In February, Facebook announced partnerships with the above four companies. Facebook is moving into a new area: combining the online data it holds on its users with their offline purchases. The goal is to create better targeted, more relevant ads for Facebook users and its advertisers.

This means the line between our physical and digital selves has been blurred.

For me this means I reveal more personal information without being able to opt out. That isn’t necessarily bad, in my opinion. If the data is used to make my shopping experience better, with better product placement and more relevant products closer to the door, that is better for me. However, I doubt that I am in the most targeted demographic group, so my shopping experience will stay the same.

Will companies in the future offer private shopping as a feature for the discerning shopper? Right now I don’t feel this is a viable option. Maybe Lindsay Lohan will want a bit more privacy in her shopping habits and will be willing to pay for it. If so, privacy is now a sellable retail item. It would be kinda funny seeing people in Target walking around in plain brown boxes to protect their identity. Funny as that would be, I do see a market in the future where banks offer anonymous ATM/credit cards tied to numbered accounts to protect their clients’ identity.

This can also work against me. My last big purchase was a car a few months ago. I had gone to the web site of the dealership I bought the car from. In fact, the dealer’s web site and his inventory of cars are one reason I went to his brick-and-mortar store. If he is able to use my online digital profile and link it to my physical profile, he can use my own information against me to get a better price for his car. I doubt that I can get the same information on his sales to use his sales data against him for the best price for me. Seems a bit unfair to me.


Sunday, March 17, 2013

Front Range OWASP Conference 2013


Wow, time goes fast. It’s been a while since I have updated my blog. I will be making a concentrated effort to get content out faster and on a more regular schedule.

At the end of March (28, 29) I will be speaking at and attending the Front Range OWASP Conference 2013. I will be speaking on “A Demo of and Preventing XSS in .NET Applications”. This presentation will cover a variety of approaches toward preventing XSS vulnerabilities in .NET applications, including Microsoft's Web Protection Library/AntiXSS and OWASP's AntiSamy.NET project, as well as discovering XSS with CAT.NET and code reviews.

While XSS is not one of the most sophisticated exploits, it is still one of the most common exploits found on the web today and can have real consequences. Meraki, a division of Cisco, found that out from an analysis done by Nibble Security on one of Meraki’s devices, using the splash screen. Nibble Security realized the splash screen was designed to take HTML5 so each customer could customize it. This particular vulnerability reveals how a trivial XSS flaw can be abused to subvert an entire network infrastructure (http://blog.nibblesec.org/2013/03/subverting-cloud-based-infrastructure.html).

