I can take or leave most infographics on the web, but this one caught my eye.

I’m probably not far off when I say internal communications can often be a struggle at most of our institutions. Whether it’s a consistent voice, a set schedule, or just getting approval from everyone who needs to approve a message, internal communications is a challenge.

I found this infographic by Newsreaver interesting in the way it looks at the strategy and measurement of internal communications.

Have a look. Click for a full-size version. It’s a big one.

[Infographic: IC Strategy and Measurement]

SQL injection is one of the most typical ways web applications and online platforms can be compromised. It doesn’t matter the language either – badly formatted, non-filtered code is easy to write in PHP, ASP.net, and so on.

SQL injection is a way for an attacker to gain access to your database by sending malformed queries through a web form or service that gets data from a database. Since most web applications talk to a database, it’s not hard to find a website that has some sort of connectivity and thus is ripe for attack. Once an attacker finds a vulnerable form, it can be exploited not only to return sensitive information, but also to give the attacker a way into the system, perhaps to upload a file they can then access via a browser to own your machine.

As you can see in the video below, it’s very easy for attackers to visit your site, app, or platform and try to exploit your data. If you’ve never seen how this type of attack works, or just how easy it is to write code that’s insecure, have a watch:

What can you do?

There have been books written about how to write safe and secure code, but as a starting point, please make sure that if you access user input and then perform any type of data search with it, you filter and escape it to not allow bad characters through.

Second, validate that input to ensure only the type of data you are asking for is being entered in your eventual SQL query. If you are asking for a number, do a check that the data the user has entered is indeed a number.
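The two steps above, shown as an added example that is not code from the original post: a lookup that pastes a form field straight into the SQL text, next to a version that first checks the field is a number and then binds it as a query parameter (the approach OWASP's guidance puts first, used here in place of manual escaping). The `orders` table, its rows, and the function names are constructed for illustration.

```python
import sqlite3


def make_db():
    """Build a small in-memory table of constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, owner TEXT, item TEXT)")
    db.executemany(
        "INSERT INTO orders (id, owner, item) VALUES (?, ?, ?)",
        [(1, "alice", "laptop"), (2, "bob", "phone"), (3, "carol", "tablet")],
    )
    return db


def lookup_unsafe(db, order_id):
    """Insecure 'before': the form field is concatenated into the SQL text."""
    sql = "SELECT owner, item FROM orders WHERE id = " + order_id
    return db.execute(sql).fetchall()


def parse_order_id(raw):
    """Validate that the field really is the number the form asked for."""
    text = raw.strip()
    # isascii() rules out Unicode digits that isdigit() accepts but int() rejects.
    if not (text.isascii() and text.isdigit()) or len(text) > 9:
        raise ValueError("order id must be a positive whole number")
    return int(text)


def lookup_safe(db, order_id):
    """Hardened 'after': validate first, then bind the value as a parameter."""
    value = parse_order_id(order_id)
    # The ? placeholder keeps the value out of the SQL text entirely, so the
    # database always treats it as data and never as part of the query.
    return db.execute(
        "SELECT owner, item FROM orders WHERE id = ?", (value,)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    field = "2 OR 1=1"  # constructed malformed form input
    print("unsafe rows returned:", len(lookup_unsafe(db, field)))
    try:
        lookup_safe(db, field)
    except ValueError as err:
        print("safe lookup rejected input:", err)
```

With the constructed input, the concatenated query returns every row in the table, while the validated lookup rejects the field before any SQL runs.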

This is only the tip of the iceberg, but will hopefully set you down the path of writing more secure code if you currently aren’t using these techniques. There are many places to start, but OWASP is always a good resource. They have a page dedicated to preventing SQL injection techniques and attacks.

On June 1, Instagram put into effect changes in their API that have made life more difficult for brands who manage content on their feeds and who often re-post user-created content.

[Image: Regrammed photo from @Johncarrollu]

I manage my University’s Instagram account, and have found apps like Repost to be very useful in my managing of our account. By tying into the Instagram viewing API, I could easily see photos from students and campus groups we follow, or photos that have tagged us and then reshare them, with proper credit of course. This type of tool has made life easier for me to quickly and easily share content on our account.

Though announced late last year, Instagram has changed their API, especially their photo stream reading API, taking away access to the user’s photo stream. Since December, all apps accessing Instagram’s API must be approved and their access carefully reviewed. This is the recent update from Instagram:

Instagram Platform and documentation update. Apps created on or after Nov 17, 2015 will start in Sandbox Mode and function on newly updated API rate-limits and behaviors. Prior to going Live, and being able to be used by people other than the developers of the app, these apps will have to go through a new review process. Please read the API documentation or the Change Log for more details.

Any app created before Nov 17, 2015 will continue to function until June 1, 2016. On that date, the app will automatically be moved to Sandbox Mode if it wasn’t approved through the review process. The previous version of our documentation is still available here.

On one level, it makes sense: Instagram wants users browsing photos through their apps, not third-party apps. This way, Instagram can show users ads and integrate new features like the new, mostly disliked algorithmic feed. For the unscrupulous users, apps like Repost make it easy to steal and repurpose content, but that’s not the focus of this post.

Apps like Repost have had it difficult. If they are/were straight-up reposting apps like the one I used, they have had their access taken away or severely limited. Some have closed or pulled their apps, others have reworked their apps to still give some of the functionality they were offering, albeit nowhere near as easily as they did before. Gramfeed has pivoted to become Picodash, and will focus on the enterprise market.

Now, users must see a post they want to share in the Instagram app itself, select the sharing URL, and then open their reposting app, paste that URL into it, and then select the type of watermark they want to use. Then it saves the photo to the photostream and takes you back to Instagram to complete the posting process.

I feel this negatively affects smaller brands like ours who can’t afford the mega-enterprise tools some brands use to monitor, maintain, and share content to their fans. Tools like Repost were a nice workaround and made our lives just a little easier. I’ve written about the challenges of maintaining a brand on Instagram before, and changes like this continue to make the experience a frustrating one.