Posts Tagged ‘Facebook’

Geo-tagging photos can lead to cyberstalkers finding you

Facebook logo

Image via Wikipedia

When you take a photo of yourself in your house and then post it via Facebook or twitpic, you assume that no one will really know where you are taking that picture. Well, you may be wrong. Social media security is in a very nascent development stage. There are a number of theats already to social media such as malicious applications in Facebook or trojans in shortened URLs that the average user does not know about or where to turn to for advice.

A new threat could be giving up your location when you post a picture from inside your house. A team of scientists dicovered that with some smartphones, a user’s latitude and longitude can be attached tothe picture you post in the metadata. That’s pretty scary. See the news story ” Tips to Turn Off Geo-Tagging on Your Cell Phone”  (http://abcnews.go.com/Technology/celebrity-stalking-online-photos-videos-give-location/story?id=11443038) “Many people are not aware of the fact that there are geotags in photos and videos,” said Gerald Friedland, one of the scientists.

A website that has been setup to show the dangers of this capability is www.icanstalku.com. So what can you do about this? Do you want to be stalked?  ON the IPhone, go to Settings, General, then Location Services and disable the applications you do not want to use Geo-tagging, such as Camera.

Regards

Gary Bahadur

www.kraasecurity.com

blog.kraasecrity.com

888-572-2911

Enhanced by Zemanta

Facebook’s new security features and the Zuckerberg hacking incident

This past week was eventful for Facebook and for Mark Zuckerberg. The Facebook page was hacked as first reported by Techcrunch ““Let The Hacking Begin” Declares Person Who Hacked Zuckerberg’s Facebook Fan Page”  (http://techcrunch.com/2011/01/25/zuckerberg-fan-page-hack/) . The message left on the page was:

“Let the hacking begin. If facebook needs money, instead of going to the banks, why doesn’t Facebook let its users invest in Facebook in a social way? Why not transform Facebook into a ‘social business’ the way Nobel Price winner Muhammad Yunus described it? http://bit.ly/fs6rT3 What do you think? #hackercup2011”

Facebook then said it was a “bug” as reported by the BBC “Facebook blames bug for Zuckerberg ‘hacking’” (http://www.bbc.co.uk/news/technology-12286377). Well I guess they can speak to Microsoft about “bugs” and letting their software be hackable. Not much more was explained.

One other interesting event that was also news with Facebook was the launch of their encrypted login process as reported by the Huffingtonpost “What Facebook’s New Security Features Mean For You”. This has actually been around for a while but not published. What does this mean? Well when you go to Facebook.com now, just go to https://www.facebook.com.  The “https” will allow you to have your login encrypted so the guy sitting next to you in Starbuck and capture your traffic on the wireless network and steal your login ID and password by running Firesheep or other sniffing program. You can also do this with many social networking sites even though they do not publicize it.

To turn on this feature automatically go to “Accounts” -> “Account Setting” -> “Account Security” -> “Change” and select “Browse Facebook on a secure connection (https) whenever possible”. If you have never played with the Privacy Setting you should probably check those out as well. Stop sharing everything about yourself with “Everyone”!

Facebook privacy settings

Facebook privacy settings

Gary Bahadur

CEO KRAA Security, baha@kraasecurity.com

http://www.kraasecurity.com

http://blog.kraasecurity.com

http://twitter.com/kraasecurity

*Vulnerability Management

*Compliance & Police Development

*PGP Security

*Free Website Security Test

Enhanced by Zemanta

Tips to Avoid Confidentiality Issues When Using Social Networking Media

Social media sites have gained popularity in the past ten years as a medium to keep in contact with loved ones, business associates and friends. However, there can be drawbacks to the usage of said media when one is employed in certain career fields, such as the healthcare industry. Utilizing social media networks can inadvertently give way to the sharing of confidential patient information with people that may not have a need to know which would then cause the company to violate HIPAA Security Rule compliance.

Social media applications are not just a part of one’s personal lifestyle; this has also become incorporated in the corporate climate. Many places use these applications for marketing, file sharing, communication, and employee recruitment. While these applications can open up a great many doors of communication, some type of guidance or governance is necessary. Because banning the use of such sites is most likely unenforceable or impractical, a hospital or other such entity that must shield private information should at least ask or force their employees to adhere to some Social Media Policy guidelines.

For instance, when utilizing social networking sites, one should use separate passwords for the different sites, as an individual can easily hack all of one’s accounts if they know the one password. A security breach of one account could snowball. Passwords should be complex and change every 90 days. Accessing social media sites should be over SSL and only from trusted network connections, not coffee shops especially for business purposes!

In the case of company documents or patient information, if it isn’t found on the company’s web page it probably should not be posted elsewhere. There are sites that exude a feeling of privacy and security, but are far from it. Allowing one’s corporate information security team to determine what sites are acceptable is the best option.

Another thing one should not do is post his or her own identifying information publicly, such as date of birth, his or her social security number, or an employee ID number. If a site requires this information, 1) it is most likely not a reputable site, and/or 2) one could make something up or ensure that it is not going to be displayed in a profile that will be public.

Some information may not be considered confidential; yet not posting these items to public social media sites is probably a good idea. This can include anything from rumors, to purchases the company plans on making, anything about the technology one’s company uses or will use, and any projects the individual may be working on.

So in one’s personal endeavors, it is most beneficial to all involved if confidential information, or information that could be considered secret, stays out of the hands of the public. Follow practical posting guidelines and do not share more information than is necessary in corporate social media activities.

Gary Bahadur

CEO KRAA Security, baha@kraasecurity.com

http://www.kraasecurity.com

http://blog.kraasecurity.com

http://twitter.com/kraasecurity

*Managed Security Services

*Vulnerability Management

*Compliance & Police Development

*PGP Security

*Free Website Security Test

Enhanced by Zemanta

Tips to Avoid Confidentiality Issues When Using Social Networking Media

Social media sites have gained popularity in the past ten years as a medium to keep in contact with loved ones, business associates and friends. However, there can be drawbacks to the usage of said media when one is employed in certain career fields, such as the healthcare industry. Utilizing social media networks can inadvertently give way to the sharing of confidential patient information with people that may not have a need to know which would then cause the company to violate HIPAA Security Rule compliance.

Social media applications are not just a part of one’s personal lifestyle; this has also become incorporated in the corporate climate. Many places use these applications for marketing, file sharing, communication, and employee recruitment. While these applications can open up a great many doors of communication, some type of guidance or governance is necessary. Because banning the use of such sites is most likely unenforceable or impractical, a hospital or other such entity that must shield private information should at least ask or force their employees to adhere to some Social Media Policy guidelines.

For instance, when utilizing social networking sites, one should use separate passwords for the different sites, as an individual can easily hack all of one’s accounts if they know the one password. A security breach of one account could snowball. Passwords should be complex and change every 90 days. Accessing social media sites should be over SSL and only from trusted network connections, not coffee shops especially for business purposes!

In the case of company documents or patient information, if it isn’t found on the company’s web page it probably should not be posted elsewhere. There are sites that exude a feeling of privacy and security, but are far from it. Allowing one’s corporate information security team to determine what sites are acceptable is the best option.

Another thing one should not do is post his or her own identifying information publicly, such as date of birth, his or her social security number, or an employee ID number. If a site requires this information, 1) it is most likely not a reputable site, and/or 2) one could make something up or ensure that it is not going to be displayed in a profile that will be public.

Some information may not be considered confidential; yet not posting these items to public social media sites is probably a good idea. This can include anything from rumors, to purchases the company plans on making, anything about the technology one’s company uses or will use, and any projects the individual may be working on.

So in one’s personal endeavors, it is most beneficial to all involved if confidential information, or information that could be considered secret, stays out of the hands of the public. Follow practical posting guidelines and do not share more information than is necessary in corporate social media activities.


Gary Bahadur

CEO KRAA Security, baha@kraasecurity.com

http://www.kraasecurity.com

http://blog.kraasecurity.com

http://twitter.com/kraasecurity

*Managed Security Services

*Vulnerability Management

*Compliance & Police Development

*PGP Security

*Free Website Security Test

Enhanced by Zemanta

Social Media Warfare: Are you attacking or defending?

Image representing Facebook as depicted in Cru...
Image via CrunchBase

Is there such a thing as Social Media Warfare? We have had cyber warfare going on for years now. So it should be an obvious “YES” that Social Media warfare exists. But is that true?  To get to a full blown war opposing sides go through an escalation process. Where are we in this process? From a pure cyber warfare perspective, we are in world war three, many opposing sides, lots of new and improved weapons, completely escalating attacks and no end in sight. Companies are used to conducting vulnerability management and risk assessment. This new war will require new tactics and defense strategies.

I think we have seen the first skirmishes of the war. It started with all the spammers morphing their tools into Facebook and Twitter hacking. Then moving into phishing. Then into negative attacks on your reputation by disgruntled customers and competitors. So what is the progression of this coming war? Is there a similarity to how “normal” cyber  warfare started? But why is this war inevitable?

The attack vectors in the Social Media War are probably categorized into personal use and corporate use. If these are the assets that needs to be protected, we can then figure out how the assets will be attacked, how will the enemies do reconnaissance, what alliances will be formed and what should be the defense strategies and weapons for defense.

The progression of of this war will follow different patterns and there is probably no end in sight.

Action Personal Corporate
Skirmish Home users receiving spam and phishing attacks and scams Corporate users seeing more phishing attacks, attackers going through Linkedin profiles
Protest Actions Users might complain to attorney generals, or write nasty messages about Microsoft Adobe or Apple security weaknesses The IT department is inundated with help desk calls. Companies have the ability to complain to ISPs or event countries about originating attacks.
Negotiations There really isn’t anyone to negotiate with. Writing on your Facebook wall will not do a darn thing. Companies definitely do not want to negotiate. But will see blackmail more and more.
Failed Negotiations The home user is bascially screwed anyway. Succumbing to blackmail will only lead down a bad path.
Declaration of War This is a defacto state with the home user. They are at war whether they know it or not. Companies have to take a proactive approach to security versus reactive. Anticipate the next types of attacks and have a budget to address it.
Launch Attacks and Defend More defend, get your anti-spyware, antivirus, personal firewalls and encryption up to speed. But after that, understand how attackers use Social Media. Spend massive amounts of money on understanding how so fight in the Social media landscape, security hardware and software are not enough.
Allies Join the War The home user can only rely on the Social media companies for basic security. Their will be more collaboration between companies and governments. Perhaps together they have a fighting chance. Regulations are also going to force changes.
Years of Conflict – Never Ending Whats the next thing after Facebook and Twitter? Whatever it is will have its own security challenges. But by that time the home user will probably have given out every bit of personal information on all the Social Media venues anyway. A company can only rely on the right process to secure their social media usage. As technologies change and new sites go live, a good process and social media security policy is all you can rely on.
Winner The ISP, they get to sell bandwidth. The VCs who fund companies like Facebook and Twitter.

I will get into more tactics in the coming war in future posts.

Gary Bahadur

CEO KRAA Security,  baha@kraasecurity.com

http://www.kraasecurity.com

http://blog.kraasecurity.com

http://twitter.com/kraasecurity

*Managed Security Services

*Vulnerability Management

*Compliance & Policy Development

*PGP Security

*FREE Website Security Test

Enhanced by Zemanta
online pharmacies +|- cialis price comparison