Brave New World of Security Vulnerabilities and Public Relations Responses to a Crisis

There is a new and significant security problem in the wild with Microsoft Internet explorer.  I am not writing about the security of it, rather the timeline and the public relations and crisis communications response. 

The first indication was NOT from someone in the Microsoft communications group, rather it was their well known blogger scoble.  From his blog on December 28, 2005

Microsoft customer warning: Bad exploit in Windows

It’s interesting, I was just talking with Hitachi’s blogger and CTO about what to do in a crisis. Here’s one thing. Warn your customers. That’s what I’m doing here. We’re seeing a bad exploit being reported on blogs and other places.

and

Update: the Security Response Center is working on this. They have a blog, but haven’t posted about this issue yet.

So late last night, December 28th, I get my SANS email security alert.  (SANS is a must in the security community – your government does some things that really do help)

—–Original Message—–
From: US-CERT Technical Alerts [mailto:technical-alerts@us-cert.gov]
Sent: Wednesday, December 28, 2005 7:38 PM
To: technical-alerts@us-cert.gov
Subject: US-CERT Technical Cyber Security Alert TA05-362A — Microsoft Windows Metafile Handling Buffer Overflow

—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA1

Microsoft Windows Metafile Handling Buffer Overflow
http://www.us-cert.gov/cas/techalerts/TA05-362A.html

Just to check, I went to what I consider to be the logical place for a security update which is http://windowsupdate.microsoft.com/ and there is no update (OK, they are still working on it I guess) but most surprising is there is NO MENTION OF THE SECURITY PROBLEM.

The BAD news.  The main corporation is not reacting quickly or logically enough, the government was slower than a blogger issuing a relevant security alert.  Note the screen shot doesn’t just say "nothing found" it doesn’t even hint at impending doom if I don’t come back soon.

The GOOD news, the GREAT news is that Scoble works for Microsoft.  He didn’t have to ask permission, he just did the right thing and notified thousands of a potential security problem with his company’s products.  He acted with good crisis communication skills and he did it as part of the Internet conversation.  No big brother required.  This is a net positive for Microsoft in my book from a PR perspective, assuming they fix it in a timely manner.

Maglite goes LED and I am OK with that Branding Shift

Yes, I confess, I am a huge fan of the Al Ries, Jack Trout, Laura Ries thoughts on marketing, branding, and brand extensions (egad!).  But somehow Maglite introducing LED lights works for me, I am excited about it and I LIKE the Maglite brand as part of the LED world.  I buy it and WILL buy it no problemo.

So first here is the Ries position on Kodak and film versus digital cameras (as a counter point – just being fair and all….)

What about Kodak, they don’t focus on any one product or market?

Kodak bought Sterling drug, including Bayer drugs and pharmaceuticals and in essence became an unfocused company. In the last few years they have gotten out those businesses and focused on imaging products. But there are two types of imaging products, photographic and digital. At the moment, most of their business is photographic. But the future is going to be digital. Kodak is making a serious error by putting their photographic name on their digital products. What they need is a separate name for their digital products.

And here is the Maglite post on MAG-LED Technology.  For some reason I buy the putting the same brand on both.  I don’t view LED lights as a completely new category.  Just a better way to make a darn flash light that doesn’t go dead when you drop it.

We are pleased to report that Mag will soon be adding MAG-LED™ flashlights to its product line.

If these products have been a long time coming, it’s because the MAG-LED™ Technology has taken a long time to develop to the point where it is feasible to make an LED flashlight that meets Mag Instrument’s high standards of quality, durability, style and function.

Now, after years of research & development, testing and refinement, Mag Instrument is committed to introducing, in early 2006, a line of MAG-LED™ flashlights. Like Mag’s incandescent-lamp flashlights, these newest members of the Maglite® flashlight family will have the style, performance, benefits and features that both professionals and consumers have come to expect from a Maglite® flashlight, including the fact that they are built for a lifetime of service. The Maglite® design tradition will be instantly recognizable in them, and they will offer the beam-focusing capability that has always been a feature of Mag® flashlights, AND MORE!

Again, thank you for your interest in Mag Instrument and its products. We look forward to the rollout of the MAG-LED™ flashlights in the near future.

Sincerely,
The Maglite Team

So this is all do-able marketing and branding news.  I don’t view it as a brand extension; we will all ignore the Mag-LED moniker and just call the darn thing a Maglite anyway.  What I *really* want is the green laser LED version for snipe hunting.

Social Software Visualization Continued – Japanese Stock Market Visualizer

This image is a continuation of a somewhat obsession with visualization of social interactions.  In this case; brutal free markets in action in the form of the Japanese stock market. 

I included in the screen shots images from the we-make-money-not-art web site because they too are using weighted lists and different visualization methods to compress three dimensional concepts effectively into small spaces.

I was also linked today this "animusic" site which uses computers to animate music with creative elements like pogo sticks playing instruments.  Somehow it almost works.

Visit http://www.animusic.com/dvd-info-clips-2.html for more on music visualization.

Spencer Critchley – 10 Journalism Tips For Bloggers…

Citizen journalism is exciting, and certainly is the “man of the year” for public relations professionals.  But that doesn’t mean they don’t need a kick in the pants when it comes to professionalism.  Sure, threaten to replace MSM, but only if you are ready to step up the level of professionalism.  And that is where the edler statemen step in like Spencer Critchley’s post:

10 Journalism Tips For Bloggers, Podcasters & Other E-Writers

by Spencer Critchley
Dec. 5, 2005

1. Respect the value of people’s time.
2. Have a strong focus, and relate everything to it.
3. Look for the heat in your subject.
4. Whatever your subject, write about people, physical objects and actions.
5. Use plain speech, and talk like a real person.
6. Avoid adjectives and adverbs wherever possible.
7. Opinions are not facts, even your opinions.
8. Identify your sources.
9. Identify interests.
10. Fact-check.

The above is a very abbreviated excerpt, I strongly recommend reading the entire post on how bloggers can improve their communication skills.

Blogometer – Staying within the boundaries of a corporate message is pure non-sense

(regarding bloggers) "Staying within the boundaries of a corporate message is pure non-sense."

and

“If your employees are releasing confidential information, that’s not a blogging problem. It is a more general problem. It’s called incompetence.”

and perhaps the best reality sound bite (byte?) is:

"Kick off party won’t do. Bloggers increase costs, and increase risks. You need to have a real plan in place."

http://engrm.com/blogometer/2005/12/16/big-blogging/ (via Scoble)