Friday, December 17, 2010

e-card Malware

I’ve gotten some e-cards this holiday season from organizations that I know, and you might even receive one from F5.  I just wanted to post a short reminder to be careful of these, especially if you get one from someone you don’t know.  This is, and has been for several years, one of cybercriminals favorite ways of distributing malware, infecting your computer and stealing your info.  Usually, the e-card arrives in your email with a link to view it online.  Once you click that link and visit the purported e-card site, you can become infected.  In fact, if you get one and don’t know the sender at all, I’d delete it right away.  Often you don’t need to visit a site to get infected since the payload might in the email itself.

The Better Business Bureau is also warning of another phishing scam with cybercriminals masquerading as a shipping company.  You’ll get an email with a tracking number in the subject line.  The note says that the package could not be delivered and asks the user to print the attached document.  At that point, if you do open the attachment, then a virus is installed on your computer.  There have also been charitable giving scams, coupon code scams, too good to be true sale scams and other rip-offs to swindle you of your money and sensitive info.

You might be thinking, ‘ahh, geeze – not another,’ but this is the time of year those cybercriminals like to prey on people’s holiday spirit and general preoccupation with with other things festive.  Keep anti-virus updated, use a firewall, be suspicious, use common sense and enjoy the holidays.

ps

Resources:

Connect with Peter: Connect with F5:
o_linkedin[1] o_rss[1] o_facebook[1] o_twitter[1]   o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1]

Technorati Tags: F5, infrastructure 2.0, integration, cloud connect, Pete Silva, security, business, education, technology, application delivery, intercloud, cloud, context-aware, infrastructure 2.0, automation, web, internet, cybercrime, security, holiday shopping, identity theft, scam, email, data breach

Wednesday, December 15, 2010

2010 Year End Security Wrap

Figured I’d write this now since many of you will be celebrating the holidays over the next couple weeks and who really wants to read a blog when you’re reveling with family and friends.  It’s been an interesting year for information security, and for me too.  I started the year with New Decade, Same Threats? and wondered if the 2010 predictions of: social media threats, smarter malware/botnets, using the cloud for crime, financial DDoS, rogue software, Mac and Mobile malware, more breaches and a whole host of others would come through.  And boy did they. 

Social media was a prime target for crooks with the top sites as top targets.  Users were tricked to accepting and sharing friends that really weren’t friendly and social networks became a new hotbed for malware distribution.  As for malware, while many botnets and spam outfits got taken down this year, Stuxnet was certainly the most sophisticated piece of malware researches have seen in a while.  Targeting industrial & utility systems along with the ability to reprogram itself, no longer was it my single laptop or a company’s system that had a bull's-eye, although the initial infection is with those systems, it was nuclear facilities, oil refineries and chemical plants that were the ultimate objective. For Cloud Computing, was it Cloud 9 or Cloud Crime when it came to using the cloud for nefarious activities?  Many people thought that with the cloud offering a slew of computing power, that it would be a prime way to initiate an attack.  We really didn’t see much pertaining to ‘cloud breaches’ even though almost every survey throughout the year indicated that security in the cloud was everyone’s ichiban concern.  I covered many of these surveys in my CloudFucius Series, now playing in a browser near you.  This article talks about that, the reason we might not have seen much in the way of cloud specific breaches is that many of the data loss repositories do not differentiate between a cloud based and non-cloud attack.  In addition, cloud providers are not that willing to spill vulnerabilities that have led to crimes.  Share please. 

Banks and financial institutions were certainly targets this year, why wouldn’t they be, that’s where all the money is.  In one incident, about $3 million was stolen from various banks around the world using viruses and more than 100 crooks suspected of running the global cybercrime ring were arrested in the US and UK this September.  A 16 year old Dutch kid was arrested last week for a Distributed Denial of Service attack on the MasterCard and Visa websites.  And, merging malware, mobile and money stores, the ZeuS Trojan could infect a desktop, capture the user’s bank credentials next time they logged in to their financial institution, popped a dialogue box for the user to ‘include’ their mobile phone for SMS payments, send the phone a fake message & certificate for acceptance and then installed another Trojan on the phone to monitor messages via SMS.  Lots of trickery and luck to be successful but still a very scary exploit.  And if you think those mobile banking apps are secure, think again.  Just last month, a number of those apps were found to have serious vulnerabilities, flaws and holes.  Many of those apps have been patched in light of the research but as with any ‘new-ish’ type technology, mobile banking must be locked down before the masses adopt.  Too late now.

I wrote about corporate espionage both in Today’s Target: Corporate Secrets (2010) and The Threat Behind the Firewall (2009) and this year did not disappoint.  Social engineering or convincing someone to give up their info is alive and well but throughout 2010, employees stole secrets from the companies they worked for: Former Goldman Programmer Found Guilty of Code Theft, Greenback engineers guilty of corporate espionage, Ford secrets thief caught red handed with stolen blueprints, and SEC Bares Text of Inept Suspects As They Sold Disney Earnings Info To FBI AgentsThese insider events can often be more costly than an external breach.

This is by no means an exhaustive list of the breaches, attacks, vulnerabilities, hijacks, frauds, or other cybercriminal activities from 2010.  I’d probably be writing through the holidays to get them all.  These were just some of the things I found interesting when looking back at my initial blog entry for the year.  With 2011 being the Year of the Rabbit, just how much will cybercrimes multiply?

ps

Resources:

Connect with Peter: Connect with F5:
o_linkedin[1] o_rss[1]  o_twitter[1]   o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1]

Technorati Tags: F5, infrastructure 2.0, integration, cloud connect, Pete Silva, security, business, education, technology, application delivery, intercloud, cloud, context-aware, infrastructure 2.0, automation, web, internet, cybercrime, security, holiday shopping, identity theft, scam, email, data breach

Thursday, December 9, 2010

Identity Theft Roundup

I’m on a ID fraud kick lately and there are quite a few stories of late about identity theft.  Here are just a few:

House Approves Red Flags Exemptions – In January 2008, the Red Flag Rule went into existence which said that organizations (mainly banks and financial institutions) that extend credit to have a written Identity Theft Prevention Program designed to detect identity fraud on a day to day basis.  This new bill would except certain businesses like physicians and hospitals from having to abide by the rule.  Sen. Dodd (D-Conn) said that the bill, ‘makes clear that lawyers, doctors, dentists, orthodontists, pharmacists, veterinarians, accountants, nurse practitioners, social workers, other types of healthcare providers and other service providers will no longer be classified as 'creditors' for the purposes of the Red Flags Rule just because they do not receive payment in full from their clients at the time they provide their services, when they don't offer or maintain accounts that pose a reasonably foreseeable risk of identity theft.’  So if you don’t have a foreseeable risk of ID theft, I guess you don’t have to pay attention.

Minn. man pleads guilty in ND identity-theft case – 20 felonies, 19 counts of ID theft, 1 theft charge and a 28 year old only gets a year in jail and 5 years probation.  He stole the SSN and names of 49 people.
Military at high risk for identity theft – Did you know that military personnel are required to use their SSN for silly things like checking out a basketball at a gym or to identify their laundry bag?  I didn’t and it is becoming a problem since most locations do not take ‘care’ of that personal info.

Fla woman stole identity, paid for breast implants – You might remember this one where a woman in Miami stole someone’s identity and used fake credit cards to get her fake, well, you know.  She also racked up $20,000 in new furniture.  She got 30 months in a federal pen for that one.  If you were wondering, she said she needed them since her old ones were giving her breathing problems.

Kent couple arrested for identity theft, prescription forgeries – While investigating a prescription forgery ring, Kent Police uncovered a nice little counterfeiting operation run out of an apartment building.  Since the suspect was a convicted felon with a firearm, SWAT arrived and took the couple without incident.  Wait, fake prescriptions here and a new law that says medical facilities can pass on Red Flag?  Hum.

Man arrested in financial identity theft – It’s not just strangers getting hit – here a 20 year old opened a credit card account in his grandparent’s names and just added himself as an authorized user.  $4000 worth of cigs, alcohol and electronic equipment later, he was in jail.

Queens D.A. Warns: Beware New ID Theft – At least in New York, thieves are using what’s called a ‘spoof card’ to get personal information.  Spoof cards are like calling cards but allows the caller to enter whatever number they want on the receiver’s caller ID.  Oh, a call from the bank.  They act/sound all authoritative on the phone and people spill the info.  This is a great opportunity to turn the tables – ask the caller to validate a piece of information.  To validate the caller, ask a couple questions that the bank usually asks you like, last transaction or first dog’s name.  Or, just say, ‘I’ll call you back at the number on your web site.’

ID theft alleged at Libertyville driver's license facility – A 22 year employee at an Illinois driver’s license facility gets caught giving other’s personal information to thieves.  Those thieves then opened credit card accounts with the info.  He’s facing 3 years in prison but shows just how slippery your personal info is in the hands of others.

More to come…

ps

Related:
twitter: @psilvas

Technorati Tags: F5, infrastructure 2.0, integration, cloud connect, Pete Silva, security, business, education, technology, application delivery, intercloud, cloud, context-aware, infrastructure 2.0, automation, web, internet, cybercrime, security, holiday shopping, identity theft, scam, email, data breach

Friday, December 3, 2010

Synthetic Identity Theft: The Silent Swindler

As a brief follow up to yesterday’s Got a SSN I Can Borrow, I came across this story from The Red Tape Chronicles saying the odds that someone else has used your Social Security Number is One in 7.  ID Analytics, a data collection and customer behavior analytics firm, works with organizations, including the US Social Security Administration, to detect Identity-Based fraud; separating the true customers from the impostors.  They’ve analyzed 290 million Social Security numbers and found that 40 million of those numbers have been connected to more than one name; basically, 40 million of us are sharing identities with someone else.  They also indicated that 6% of the total population, or 20 million Americans, have multiple SSNs associated with their name.  Often, it might just be an incorrect entry or typo into a system, but it can also be when criminals apply for credit at multiple banks changing 1 digit with each application – around 20% are deliberate misrepresentations.  When the system propagates either the error or intentional entry, that second SSN is forever associated with the individual and thus Synthetic.  Synthetic Identities are created when an unassigned number gets attached to someone and a new entity is created within the credit system.  Some people have 4-5 SSNs connected to their name and 5 million SSNs are connected to three or more people. 

Synthetic Identity Theft is typically when a criminal uses either totally fake or a mixture of fake and real information to create a new identity.  Usually, a fraudster will use a real SSN with a fake or different name that is associated with that number.  Synthetic Identity Theft is difficult to track, detect and report since individuals are usually not aware it is occurring since it doesn’t appear on a credit report and because a combination of names, addresses, SSNs and so forth are used, it is usually does not match up with a single, individual consumer to claim fraud.  Most go unreported and become ‘charge-offs’ within the financial institution well before anyone is aware of the problem.

Protect yourself by shredding mail and sensitive documents since thieves will dig through trash to find pieces of information they can use; review your Social Security benefits booklet every year to check if the income reported is actually what you made; and stay on top of your credit, reporting any discrepancies.  The free AnnualCreditReport.com is the official site to help consumers to obtain their free credit report each year.  I tend to grab all three at once since I subscribe to a credit monitoring service, but if you don’t – stagger each of three reporting agencies reports throughout the year to see any changes since the last credit file disclosure.  If necessary, you can also put a Security Freeze on your credit report.  Finally, don’t give out your Social Security number if you don’t have to – if someone asks, like a doctor’s office, just respectfully decline.  I have never had a problem telling someone that I prefer not to give out that sensitive information.  Heck, you could probably even say you’ve been a victim of Synthetic Identity Theft.

ps

Related:
twitter: @psilvas

Technorati Tags: F5, infrastructure 2.0, integration, cloud connect, Pete Silva, security, business, education, technology, application delivery, intercloud, cloud, context-aware, infrastructure 2.0, automation, web, internet, cybercrime, security, holiday shopping, identity theft, scam, email, data breach

Thursday, December 2, 2010

Got a SSN I can Borrow?

Apparently, I can use my own name and your Social Security Number to get a job or buy a car and it is not an identity theft crime.  Really.  This is according to a recent Colorado Supreme Court ruling.  They ruled that, ‘that using someone else’s Social Security number is not identity theft as long as you use your own name with it.’  Seriously.  The case in question involved a man who used his real name but someone else’s Social Security number to obtain a car loan.  The court said that since he used his real name, along with other identifiable pieces of information, he wasn’t trying to impersonate someone else.  The SSN info was just the ‘lender’s’ requirement and not a ‘legal’ requirement.  The defendant said that he fully intended to pay the loan back and wasn’t trying to avoid the bills.  There was another case where a man used a fake SSN to get a job at a steel plant in Illinois.  He presented a Social Security card with his name but a fake SSN.  Since he didn’t know that the number was fake and belonged to another person, the US Supreme Court ruled that he also didn’t break any federal ID theft laws since he did not ‘knowingly’ use another person’s number.  He just ‘borrowed’ it.  He could have just written 9 random numbers that may or may not have been tied to someone’s identity or he could have bought it from a broker, not knowing it was either fake or stolen.

These decisions contradicted previous rulings in Missouri, California, the Midwest, the Southeast and many other regions.  It also left folks scratching their heads wondering just what were the courts thinking.  Their logic is that, ‘(The suspect) claimed that the government could not prove that he knew that the numbers on the counterfeit documents were numbers assigned to other people….The question is whether the statute requires the government to show that the defendant knew that the ‘means of identification’ he or she unlawfully transferred, possessed, or used, in fact, belonged to ‘another person.’ We conclude that it does.’  I understand that there is a fine legal line between malicious intent and an uninformed accident but if you make up a number or obtain it by improper means, it’s still fake, false and fraudulent.  I also understand that there are criminal organizations that prey on immigrants who might not fully understand the ramifications and are told that it is legitimate.  We’ve all, at some point, been lured, duped or convinced that something we were obtaining was the real thing.  We’re told with great conviction that it is authentic and because we want to believe, we do.  When the truth is exposed, the ‘I didn’t know’ defense is obviously the most common and very well might be the honest answer.  Maybe because I focus on Information Security and a bit skeptical myself, I also gotta believe that there’s that little nudge, intuition or feeling in your belly telling you that something isn’t right.  I know because I’ve ignored that gut-check and got burned.  Just because something is ‘not-illegal’ does not make it the right thing to do. 

I’m not claiming to be a Mr. Goody-Two-Shoes and have certainly made my fair share of mistakes along with doing things I know to be wrong, legal or not.  I also know that always acting in the ‘proper’ way or doing the ‘right’ thing is difficult sometimes.  That’s what makes us human.  We might seek the easiest, least complicated and sometimes slightly unethical way of accomplishing something.  Sometimes we have to break the law to ensure the safety of others – like speeding to the Emergency Room if your wife is giving birth or a person is bleeding to death – but those are extenuating circumstances and doesn’t necessarily cause harm to others; unless, of course, you run somebody over on the way to the hospital.  There are victims with this SSN borrowing since the real person may not ever know that their information was used since it won’t show up on a credit report.  The trouble starts when a loan or tax payment is missed and by then, it’s too late.  The courts have had difficulty over the years trying to interpret certain laws as technology whizzes by but, at least in the States, our Social Security Number is one of our unique, primary identifiers and should be protected.  Incidentally, BIG-IP ASM does have a cool feature called Data Guard that can mask sensitive data from being leaked from the web application.  Data Guard helps protect against information leakage like the leakage of credit card or Social Security numbers.  Instead of sending the actual data to the client, ASM can respond by replacing the sensitive data with asterisks, or block the response and sending out an alert.  You can also decide what ASM should consider as sensitive: credit card numbers, Social Security numbers, or responses that contain a specific pattern.

ps

Related:

twitter: @psilvas

Technorati Tags: F5, infrastructure 2.0, integration, cloud connect, Pete Silva, security, business, education, technology, application delivery, intercloud, cloud, context-aware, infrastructure 2.0, automation, web, internet, cybercrime, security, holiday shopping, identity theft, scam, email, data breach

Wednesday, December 1, 2010

Audio White Paper: Data Center Consolidation: Know Where You’re Going and Why

Effective consolidation means more than simply reducing the number of boxes your company has in outlying offices and data centers.  Efforts to reduce hardware infrastructure often result in degraded application performance—and thus unplanned expenditure—as it becomes necessary to optimize the infrastructure. F5’s open architectural framework allows real control over your network to ensure applications are delivered exactly as intended.  Running Time: 25:04  Read full white paper here.  And click here for more F5 Audio.

ps
twitter: @psilvas
Technorati Tags: F5, infrastructure 2.0, integration, cloud connect, Pete Silva, security, business, education, technology, application delivery, intercloud, cloud, context-aware, infrastructure 2.0, automation, web, internet, data center

Monday, November 22, 2010

Giving Thanks for the Hackers, Crackers and Thieves

This holiday season, give you friendly neighborhood hacker (black or white hatted) and nice pat on the back.  ‘Why?’ you may ask.  ‘Aren’t they responsible for the nasty botnets, malware, SQL injections, stolen identities, government infiltration, Stuxnet, and all the malicious things you warn against in this very blog?’  Yes, but over the years it’s been the very same folks attempting to and successfully gaining access to systems to infect, steal, snoop and causing general havoc that have made security better.  All the new variants of worms, viruses, trojans or the all encompassing ‘malware’ force security professionals to stay alert, review risks and come up with solutions to thwart such attacks.  It is a great battle of wits in this game of chess that’s played out over the internet.  Patch one hole, find another; lock one system, infiltrate another; fix one vulnerability, expose another.

As an aside, I’m using the term ‘hacker’ to mean both the good and the bad.  In the media, the term hacker has grown to mean someone with bad intentions who breaks into computers with malicious intent, but within the programming world, it’s also considered a compliment.  A hacker is just someone with exceptional computer skills that can, essentially, make a system do what they want.  Even the term ‘hack’ can be good and bad; a compliment or insult.  If you ‘hack’ something with criminal intentions, then it is bad but if you come up with a clever way or a brilliant ‘hack’ to accomplish something, then you are praised.  Both break the rules - either the law or the accepted way of doing something.

Over the years, while software firms, financial institutions, retailers, travel outlets, ISPs and others would deny the fact that there might be something wrong or a vulnerability within their code, systems and infrastructure, it would be the ‘hacker’ that would prove to the world and force the manufacturer to both admit and fix the weak link.  As the years have passed and the hackers are often proven right, companies now (to some extent) welcome the insight of how to make their products more secure.  ‘Welcome’ might not be the most accurate term but there is less denial and more acceptance, with quicker fixes, patches and other remedies.  They have also made the individual user more aware of the things that might harm their computers and compromise their identity.  They have made the casual user more savvy to avoiding those pitfalls, tricks and methods to steal personal information.  They have taught us to be more careful about the links we click, the things we publish on social media sites and how we navigate the internet.  Imagine how open

If you haven’t figured it out by now, there has always been the Great Battle between Good and Evil – those who want to help and those who want to hurt; those with good intentions and those with bad; those with kindness and those who are cruel.  Granted, it is not as black and white as depicted and there are many, many grey areas when it comes to doing what is right.  If the bad guys have, by their actions, forced providers to bestow better solutions and make us, as users, safer, then have at it!  With anything, if you can pull whatever good out of a bad situation and learn from it, then you are living a fruitful life – and that, you should be thankful for.

ps

Related:

twitter: @psilvas

Technorati Tags: F5, infrastructure 2.0, integration, cloud connect, Pete Silva, security, business, education, technology, application delivery, intercloud, cloud, context-aware, infrastructure 2.0, automation, web, internet, cybercrime, security, holiday shopping, identity theft, scam, email, data breach

Wednesday, November 17, 2010

Best Day to Blog Experiment – The Results

Last week I did a little experiment to determine what is the best day of the week to blog, Monday thru Friday, that is.  I’ve come across many stories about when is the best day/time to get the most readership exposure from a blog post and I posted a blog entry every day last week to conduct my own little brief, non-scientific experiment.  So what is the best day to blog?  Depends.  Monday, Wednesday or Thursday all had the best results but in some cases, it depended on the post location.  I even waited until mid-week to post these results, based on last week’s experiment.   My primary blog is on F5’s DevCentral community site but I also push content out to WordPress, Blogger, Posterous, PodBean and Ulitzer.  I usually track through Google analytics but some sites have their own statistical reporting.  So let’s get to the charts.

 

DevCentral subtext results

This first one shows the results of my DevCentral blog from Subtext, a popular open source blogging platform.  Here, Thursday was easily the winner but Monday also drew a good crowd.  I also think Thursday might have been higher due to folks checking out the previous days they may have missed.  I’ve noticed that when doing a blog series, if you include the previous entries as reference, those get good traction days after their initial post.

 

google blog week 

Next is the Google Analytics results of the same DevCentral blog.  They count slightly differently but you can see that Thursday was still the most popular day by a smidgen, with the rest of the week holding it’s own along with the expected Friday drop.  That’s one thing I can say with certainty is that Friday wasn’t the best day to blog.  My weekly visits were up 22% which was somewhat expected and bounce rate down.  One benefit of blogging every day.

 

wordpress

This chart is from my Wordpress blog and as you can see, mid-week were all equal and contradicted the rest of the locations and my previous paragraph about Friday being slow.  Here, Friday was the most attended day.  It seemed people were catching up since there were reads on Friday of the previous day’s entries.

 

image

These are the numbers from Ulitzer (sys-con) and they keep the same trend – Monday and Thursday doing well with Tuesday sneaking in the middle.  Historically I’ve done most of my posts on Tuesday or Wednesday but am now thinking that more like Wednesday or Thursday might be slightly better.  I’m going to keep looking at these over the next few months.

 

podbean blog week

This chart is from Podbean, yet another location that I syndicate to.  I also host my Audio Whitepapers on Podbean.  Once again, Thursday wins with Wednesday and Monday following.  Seeing a trend yet?

 

image

And finally Posterous – which is actually a pretty cool blogging platform and also hosts a bunch of Audio, Video and other multimedia types.  This one bucks the trend but these are overall views rather than just the daily, which might explain Monday being on top since it had been out there longer.

Conclusion?  For me, during this very limited experiment it is clear that Thursday or Monday receive the most reads with Tuesday and Wednesday holding their own.  I’d probably have to watch over weeks and months to clearly say which day is the best but this is a start.  I’m not sure if the content was any better or worse for each day but next time, I’m going to try posting every day with various topics, not a ‘This is a Test’ blog every day.  Regardless, I got some interesting data and hope this helps you when determining when to post.  You might be wondering why I’m not waiting until tomorrow (Thursday) to post this since the data indicates I’ll have more traffic.  One, I didn’t want to wait; two, this was ready to go today and; three, one of the main things I came away with is that it if you have interesting, timely, engaging content, it really doesn’t matter when you post.  We blog because we enjoy it.  We blog because want to share something interesting.  We blog to provide insight about the latest news, whatever that might be.  We blog to engage in a conversation with our social community.  We blog because it is kinda fun – and having fun in life, no matter what day of the week is important to our existence.  Thanks for playing along and participating in my first annual ‘Best Day to Blog Experiment.’  You, the readers, make this blog enjoyable.

ps

Related:

twitter: @psilvas

Technorati Tags: blog,social media,monday,music,statistics,blog traffic,web traffic,best day to blog,best day to publish,analytics,silva

Monday, November 15, 2010

Audio White Paper: Delivering Virtual Desktop Infrastructure with a Joint F5-Microsoft Solution

The benefits of moving to a virtual desktop infrastructure can easily be negated by an unreliable or poorly performing implementation. A joint F5-Microsoft solution can improve performance, increase reliability, and enable the seamless scalability of a Microsoft VDI implementation.  Running Time: 26:05  Read full white paper here.  And click here for more F5 Audio.

 

ps

twitter: @psilvas

Technorati Tags: vdi, microsoft F5, infrastructure 2.0, integration, cloud connect, Pete Silva, security, business, education, technology, application delivery, intercloud, cloud, context-aware, infrastructure 2.0, automation, web, internet,

Posted via email from psilva's prophecies

Friday, November 12, 2010

The Best Day to Blog Experiment - Day 5

This is a test of the Emergency Blogcast System. The blogger in your area has developed this test to keep you informed in the event of a blog abnormality.  If this had been an actual blog emergency, you would have been offered a highlighted link to click for further instructions. This concludes this test of the Emergency Blogcast System.

If you missed the past week, welcome to The Best Day to Blog Experiment and thanks for your participation, I do appreciate it.  I’m conducting a brief, non-scientific experiment.  The idea was to blog everyday this week, track the results and report back.  This is Day 5, the last day of the experiment and so far Day 1 (Monday) got some good traction, Day 2 (Tuesday) grew with a 6.5% jump in visits over Monday, Day 3 (Wednesday) was down 4% from Tuesday but still had a decent showing and Day 4 (Thursday) was up 5% over Wednesday.  It pretty much follows the same pattern as other ‘best day’ studies have shown.

Friday, the end of the school and work week in many countries and even has it’s own catch phrase – TGIF.  For those superstitious folks, there’s an interesting anomaly about Friday according to Wikipedia, ‘The use of the Gregorian calendar and its leap year system results in a small statistical anomaly, that the 13th of any month is slightly more likely to fall on a Friday than any of the other six days. The figures are 688/4800 (43/300) which is .1433333..., being greater than 1 in 7 by just 0.3%.’  Friday blog entries still get attention and statistically get about the same as a Monday post.  What I did find interesting, is this study (pdf) from Carnegie Mellon which found that if efficiency is your goal, the very best day to read a blog is Friday.  They say that the logic might be that since bloggers tend to blog less often on Friday, the content that is posted might be more focused and informative – either that or there is less to choose from and you find the really good ones.

Since it is Friday, I’m not going to babble on about blog traffic and just get right to the ‘Songs about the Day,’ a recurring theme for this blog experiment.  All week, I’ve used The Y! Radish’s blog about ‘songs with days in the title’ and he has a decent Top 10 list for every day, including Friday.  But for today, I found another list from PopCultureMadness which lists a bunch of Friday songs.

  • Another Friday Night - Chris Knight
  • Another Friday Night - Embrace Today
  • Black Friday - Steely Dan
  • Every Friday Afternoon - Craig Morgan
  • Every Other Friday At Five - Trace Adkins
  • Freaky Friday - Aqua
  • Freaky Friday Baby One More Time - Bowling For Soup
  • Friday - Autograph
  • Friday - Bowling For Soup
  • Friday - Daniel Bedingfield
  • Friday - Ice Cube
  • Friday - J.J. Cale
  • Friday - Joe Jackson
  • Friday Child - Nancy Sinatra
  • Friday Face - Richie Spice
  • Friday Fun - The Donnas
  • Friday I'm In Love - The Cure
  • Friday Night - Click Five
  • Friday Night - The Darkness
  • Friday Night - Kids From Fame
  • Friday Night - Lily Allen
  • Friday Night - McFly
  • Friday Night - The Monarchs
  • Friday Night Blues - John Conlee
  • Friday Night In Dixie - Rhett Atkins
  • Friday Night On A Dollar Bill - Huelyn Duvall
  • Friday Night Saturday Morning - The Specials
  • Friday On My Mind - David Bowie
  • Friday On My Mind - Easybeats
  • Friday On My Mind - Gary Moore
  • Friday Street - Paul Weller
  • Friday You Said Goodbye - Jerry Cox
  • Friday's Angels - Generation X
  • Get 'Em Out By Friday - Genesis
  • Good Friday - Guttermouth
  • Good Mourning/Black Friday - Megadeth
  • It's Finally Friday - George Jones
  • Keep Their Heads Ringin' (It's Friday) - Dr Dre
  • Living It Up (Friday Night) - Bell and James
  • Monday Like A Friday - Andre Nickatino & Equipto
  • Mr. Friday Night - DJ Cally
  • One February Friday - Frankie Goes To Hollywood
  • Party People... Friday Night - 911
  • She Left Me On Friday - Shed Seven
  • Thank God It's Friday - R. Kelly

ps

Related:

twitter: @psilvas

Technorati Tags: blog,social media,monday,music,statistics,blog traffic,web traffic,best day to blog,best day to publish,analytics,silva

Thursday, November 11, 2010

The Best Day to Blog Experiment - Day 4

If you missed the past three days, welcome to The Best Day to Blog Experiment; you are now a participant.  If you are a returning reader, thanks for your participation and for the first time readers, I’ve come across many stories about when is the best day/time to get the most readership exposure from a blog post and I’m doing my own little brief, non-scientific experiment.  The idea was to blog everyday this week, track the results and report back.  Mahalo for becoming a statistic, and I mean that in the most gracious way.  This is Day 4 of the experiment and so far Day 1 (Monday) got some good traction, Day 2 (Tuesday) grew with a 6.5% jump in visits over Monday while Day 3 (Wednesday) is down 4% from Tuesday but still a decent showing – plus my week is up 37% over the previous. 

Thursday, is the day before Friday and NBC’s ‘Must See TV’ for many years.  As with Wednesday, the name comes from the Anglo-Saxons to signify that this is Thunor's or Thor’s day.  Both gods are derived from Thunaraz, god of thunder.  Supposedly, Thursday is the best day to post a blog entryThis article (different from the last link) also says that, ‘between 1pm and 3pm PST (after lunch) or between 5pm and 7pm PST (after work) are the best times…and the worst time to post is between 3 and 5 PM PST on the weekends.’  Those articles have a bunch of charts showing traffic patterns to indicate that this is the day.  There is some wonder about this, however.  Yesterday I mentioned that it might not be the actual day at all, but about knowing when your audience is visiting and making sure content is available before they arrive.  Also, if you are only worried about traffic stats and how many subscribers you have, rather than timely engaging content, then you would worry about dropping words on a certain day.  If you are creating insightful material, then the readers will find you no matter what day you post.  Danny Brown points out that with social media tools like Digg, Stumbleupon and Reddit, and sharing sites like Facebook and Twitter, the blog post can live much longer than the initial push. 

There’s also a distinction between a personal and business blog.  With a personal blog, much of the focus is sharing ideas or writing about some recent personal experience.  I realize that’s an oversimplification and there’s much more to it than that, but the day you post might not really matter.  With a business blog, often you are covering a new feature of a product, how some new-fangled thing impacts a business, reporting on a press release and basically extending the company’s message.  In this case, timely blogs are important since your audience might be looking for just that – how to solve something today or to understand the ramifications of some new regulation or other areas of interest.  It’s important for a company to get a jump on these stories and show thought leadership.  Also, depending on your industry, most of your colleagues will also be on the Mon-Fri work schedule and you want to catch them when they are digging for answers.  Of course, this is not set in stone but is the prevailing notion of those who cover ‘blogging.’  Personally, I only write what would be considered a business blog for F5 Networks with a focus on Security, Cloud Computing and a bit about Social Media but cover just about whatever I feel is appropriate, including pop culture.  As a writer and a human, my experiences are gathered over time and influenced by both my upbringing and professional endeavors.  I try to bring a bit of who I am rather than what I do to my posts and typically write when inspiration hits. 

Going back to Danny Brown for a moment, he notes that it’s the writer who makes the blog and we do it because we like it.  Communicate with your readers, share with the community and write engaging content and you’ll have visitors and readers no matter what day of the week it gets posted.

If you’ve followed this mini-series, you’ll know that ‘Songs about the Day’ is a recurring theme during this blog experiment.  All week, I’ve used The Y! Radish’s blog about ‘songs with days in the title’ and for the 4th time in as many days, I’m ‘lifting’ his list for songs about Thursday

Top 10 Songs About Thursday

   1. Thursday - Asobi Seksu 
   2. Thursday - Morphine
   3. Thursday - Country Joe & The Fish
   4. Thursday The 12th - Charlie Hunter
   5. Thursday's Child - Eartha Kitt
   6. Thursday - Jim Croce
   7. Thursday's Child - David Bowie
   8. (Thursday) Here's Why I Did Not Go To Work Today - Harry Nilsson
   9. Sweet Thursday - Pizzicato Five
   10. Jersey Thursday - Donovan

I know it’s a stretch but my favorite Thursday song is God of Thunder – KISS.

ps

Related:

twitter: @psilvas

Technorati Tags: blog,social media,monday,music,statistics,blog traffic,web traffic,best day to blog,best day to publish,analytics,silva

Wednesday, November 10, 2010

The Best Day to Blog Experiment - Day 3

If you missed the past two days, welcome to The Best Day to Blog Experiment; you are now a participant.  For the first time readers, I’ve come across many stories about when is the best day/time to get the most readership exposure from a blog post and I figured I’d do my own little brief, non-scientific experiment.  The idea is to blog everyday this week, track the results and report back next week.  Thanks for becoming a statistic.  Yesterday, I noted that it was important to have a good opening line to grab your readers, yet I’ve repeated this exact opening 3 days in a row.  I’m wondering if this will have any influence on the results.  I guess that’s part of the test – follow the rules, break the rules and see what happens.  I’m now on Day 3 of the experiment and so far Day 1 (Monday) actually got some good traction and Day 2 (Tuesday) is trending well with a 6.5% jump in visits over Monday.  Bounce Rate and Time on Site are also in the positive day over day.  I’m tweeting the post(s) a couple times a day to catch folks all over.  I do this sometimes, especially if I post late in the day – I’ll tweet the link out early the next morning hoping to catch readers who might have missed it the previous afternoon or re-tweet late in the day if I’ve posted very early.  Oh and by the way, I really want to thank those of you who are playing along at home – without you, I’d have no data. 

Welcome to Wednesday, hump-day, mid-week and originally Woden’s Day, for the Anglo-Saxon god Woden.  Wednesday is also a very good day to post a blog according to a few reports and it happens to be one of the more likely days that a reader would comment.  Like Tuesday, posting mid-week allows readers to find the entry even if they miss the initial syndication.  I’ve read that both Tuesday and Thursday are the best days to post a blog, so sitting in the middle of the two should garner results, right?  Lorelle VanFossen, who writes about blogging says that sometimes it isn’t about when you post but it’s about when the most people visit your blog.  She notes that while certain days do draw more viewers in general, knowing when the best day/time to post is more about understanding which day of the week your traffic levels will be highest and making sure content is available during those times or; post your ‘most poignant’ content during that window.  Another interesting angle is that we train our audience when to show up, so the actual day might not matter.  If you blog every day and your readers have been trained to watch for it daily, when you miss a few days without notice, folks wonder what happened.  I’ve mentioned that I usually post either on Tuesday or Wednesday and I’m guessing that is when my readers ‘look’ for content.  It makes sense then, that a post on Friday probably won’t (and it hasn’t) gain views since my regular readers are not looking for it then.  If they do come across it, it might not get the depth or engagement since the weekend is right around the corner.  I’ll be watching for that 2 days from now.  It’s interesting so far that what started as a simple test to determine the best day to blog, has generated more observations and additional questions along the way – meaning, things I didn’t consider at the start are becoming interesting to watch as this moves along.

The recurring part that’s also been fun is adding ‘Songs about the Day’ as a theme during this blog experiment – thinking it might be the one consistent part that ties this series together.  All week, I’ve used The Y! Radish’s blog about ‘songs with days in the title’ and am going to once again ‘lift’ his list for songs about Wednesday

Top 10 Songs About Wednesday

   1. Wednesday Morning, 3 A.M. - Simon & Garfunkel
   2. Ash Wednesday - Elvis Perkins
   3. Wednesday - Tori Amos
   4. Wednesday Week - The Undertones
   5. Wednesday - Drive-By Truckers
   6. Wednesday Night Prayer Meeting - Charles Mingus
   7. Wednesday Morning - America
   8. (April) Spring, Summer, And Wednesdays - Status Quo
   9. Wednesday Night Waltz - Chet Atkins
   10. Wednesday Week - Elvis Costello

and my favorite Wednesday song: It's Only Wednesday – Crash Kings

ps

Related:

twitter: @psilvas

Technorati Tags: blog,social media,monday,music,statistics,blog traffic,web traffic,best day to blog,best day to publish,analytics,silva

Tuesday, November 9, 2010

The Best Day to Blog Experiment - Day 2

If you missed yesterday’s blog entry, welcome to The Best Day to Blog Experiment; you are now a participant.  As I mentioned just one day ago, I’ve come across many stories about when is the best day/time to get the most readership exposure from a blog post and I figured I’d do my own little brief, non-scientific experiment to see.  The idea is to blog everyday this week, track the results and report back next week.  Thanks for becoming a statistic. Smile 

Tuesday, which can feel like a Monday to some folks – just read those Facebook entries – is typically a good day to blog and gain readership.  The Monday blues are gone and folks are really getting into their work week.  The day that you post can have a big impact on how many folks will read it.  Tuesday is the day I usually post since I read that Tuesday is the best day to post a blog.  It wasn’t in that linked article but I couldn’t find the original story claiming such.  I can say that I’ve had good success posting on Tuesdays.  I try to get it up early enough in the day to catch East coast readers and usually no later than 2pm PST.  Posting on Tuesday allows readers an entire week to catch/find it along with time to bookmark, comment and respond to comments before the weekend – when traffic drops off.  Depending on your blog topic, the weekend is usually a very slow time for blog readership, except for sports and other ‘weekend’ related events.  The one advantage, as noted by Darren Rowse, is that it might be easier to crack the front page of Digg since there is less competition.  Tuesday is also the most active day for RSS feeds, according to this story, which is a few years old.  I looked for more recent stats regarding RSS with limited success but the notion (at least in 2005) is that since RSS is busy, then blogs are getting read – either a perusal or full engagement.

I alluded on Day 1, that the topic and content needs to be interesting, engaging and timely.  You need a good title as a hook along with an inviting opening to draw your readers deeper.  Not sure I’m accomplishing that with this test since the titles will be identical throughout the week, except for the ‘day’ notation.  That’ll be interesting to watch – if similar titles still draw viewers or they’ll think that it’s the one they read the day before.  Maybe they’ll just think I’m lazy but I do believe I’ve had some decent titles over the years.  Who can complain about, The New Certificate 2048 My Performance, A is for Application, J is for Jacked, Dumpster Diving vs. The Bit Bucket or Yelling ‘WebApp Firewall’ in a Crowded Data Center.  Blogs also need a point – why else would you read it?  A good title and opening line with junk after, only makes your bounce rate jump.  I usually try to include some bit of info that the reader can use today or relate it to a common scenario we’ve all faced.  When writing about information security, sometimes it’s beneficial or easier to understand when explained in a manner that everyone, not just IT admins, would understand.  I guess that’s it for today’s inclusion since it is 9:30am PST and I want to get this out.  Day 1 got posted around 12:30pm PST and I want to stagger the times over the week to test that too.

Many radio stations around the country use Tuesday to play double-shots of our favorite artists and dub it ‘Two-for-Tuesday.’  I’ve somehow shoved ‘Songs about the Day’ as a theme during this blog experiment – thinking it might be the one consistent part that ties them together.  We’ll see.  Yesterday I used The Y! Radish’s blog about Monday songs and am going to ‘lift’ his list again for songs about Tuesday.

Top 10 Songs About Tuesday

   1. Ruby Tuesday - The Rolling Stones
   2. Tuesday's Gone - Lynyrd Skynyrd
   3. Tuesday Afternoon (Forever Afternoon) - The Moody Blues
   4. They Call It Stormy Monday (But Tuesday's Just As Bad) - T-Bone Walker
   5. On A Tuesday In Amsterdam Long Ago - Counting Crows
   6. Tuesday Heartbreak - Stevie Wonder
   7. Tuesday's Dead - Cat Stevens
   8. Tuesday Morning - Michelle Branch
   9. Tuesday Morning - The Pogues
   10. Tuesday At Ten - Count Basie

ps

Related:

twitter: @psilvas

Technorati Tags: blog,social media,monday,music,statistics,blog traffic,web traffic,best day to blog,best day to publish,analytics,silva