Posts Tagged ‘Social network service’

Geo-tagging photos can lead to cyberstalkers finding you

Facebook logo

Image via Wikipedia

When you take a photo of yourself in your house and then post it via Facebook or twitpic, you assume that no one will really know where you are taking that picture. Well, you may be wrong. Social media security is in a very nascent development stage. There are a number of theats already to social media such as malicious applications in Facebook or trojans in shortened URLs that the average user does not know about or where to turn to for advice.

A new threat could be giving up your location when you post a picture from inside your house. A team of scientists dicovered that with some smartphones, a user’s latitude and longitude can be attached tothe picture you post in the metadata. That’s pretty scary. See the news story ” Tips to Turn Off Geo-Tagging on Your Cell Phone”  (http://abcnews.go.com/Technology/celebrity-stalking-online-photos-videos-give-location/story?id=11443038) “Many people are not aware of the fact that there are geotags in photos and videos,” said Gerald Friedland, one of the scientists.

A website that has been setup to show the dangers of this capability is www.icanstalku.com. So what can you do about this? Do you want to be stalked?  ON the IPhone, go to Settings, General, then Location Services and disable the applications you do not want to use Geo-tagging, such as Camera.

Regards

Gary Bahadur

www.kraasecurity.com

blog.kraasecrity.com

888-572-2911

Enhanced by Zemanta

Facebook’s new security features and the Zuckerberg hacking incident

This past week was eventful for Facebook and for Mark Zuckerberg. The Facebook page was hacked as first reported by Techcrunch ““Let The Hacking Begin” Declares Person Who Hacked Zuckerberg’s Facebook Fan Page”  (http://techcrunch.com/2011/01/25/zuckerberg-fan-page-hack/) . The message left on the page was:

“Let the hacking begin. If facebook needs money, instead of going to the banks, why doesn’t Facebook let its users invest in Facebook in a social way? Why not transform Facebook into a ‘social business’ the way Nobel Price winner Muhammad Yunus described it? http://bit.ly/fs6rT3 What do you think? #hackercup2011”

Facebook then said it was a “bug” as reported by the BBC “Facebook blames bug for Zuckerberg ‘hacking’” (http://www.bbc.co.uk/news/technology-12286377). Well I guess they can speak to Microsoft about “bugs” and letting their software be hackable. Not much more was explained.

One other interesting event that was also news with Facebook was the launch of their encrypted login process as reported by the Huffingtonpost “What Facebook’s New Security Features Mean For You”. This has actually been around for a while but not published. What does this mean? Well when you go to Facebook.com now, just go to https://www.facebook.com.  The “https” will allow you to have your login encrypted so the guy sitting next to you in Starbuck and capture your traffic on the wireless network and steal your login ID and password by running Firesheep or other sniffing program. You can also do this with many social networking sites even though they do not publicize it.

To turn on this feature automatically go to “Accounts” -> “Account Setting” -> “Account Security” -> “Change” and select “Browse Facebook on a secure connection (https) whenever possible”. If you have never played with the Privacy Setting you should probably check those out as well. Stop sharing everything about yourself with “Everyone”!

Facebook privacy settings

Facebook privacy settings

Gary Bahadur

CEO KRAA Security, baha@kraasecurity.com

http://www.kraasecurity.com

http://blog.kraasecurity.com

http://twitter.com/kraasecurity

*Vulnerability Management

*Compliance & Police Development

*PGP Security

*Free Website Security Test

Enhanced by Zemanta

Tips to Avoid Confidentiality Issues When Using Social Networking Media

Social media sites have gained popularity in the past ten years as a medium to keep in contact with loved ones, business associates and friends. However, there can be drawbacks to the usage of said media when one is employed in certain career fields, such as the healthcare industry. Utilizing social media networks can inadvertently give way to the sharing of confidential patient information with people that may not have a need to know which would then cause the company to violate HIPAA Security Rule compliance.

Social media applications are not just a part of one’s personal lifestyle; this has also become incorporated in the corporate climate. Many places use these applications for marketing, file sharing, communication, and employee recruitment. While these applications can open up a great many doors of communication, some type of guidance or governance is necessary. Because banning the use of such sites is most likely unenforceable or impractical, a hospital or other such entity that must shield private information should at least ask or force their employees to adhere to some Social Media Policy guidelines.

For instance, when utilizing social networking sites, one should use separate passwords for the different sites, as an individual can easily hack all of one’s accounts if they know the one password. A security breach of one account could snowball. Passwords should be complex and change every 90 days. Accessing social media sites should be over SSL and only from trusted network connections, not coffee shops especially for business purposes!

In the case of company documents or patient information, if it isn’t found on the company’s web page it probably should not be posted elsewhere. There are sites that exude a feeling of privacy and security, but are far from it. Allowing one’s corporate information security team to determine what sites are acceptable is the best option.

Another thing one should not do is post his or her own identifying information publicly, such as date of birth, his or her social security number, or an employee ID number. If a site requires this information, 1) it is most likely not a reputable site, and/or 2) one could make something up or ensure that it is not going to be displayed in a profile that will be public.

Some information may not be considered confidential; yet not posting these items to public social media sites is probably a good idea. This can include anything from rumors, to purchases the company plans on making, anything about the technology one’s company uses or will use, and any projects the individual may be working on.

So in one’s personal endeavors, it is most beneficial to all involved if confidential information, or information that could be considered secret, stays out of the hands of the public. Follow practical posting guidelines and do not share more information than is necessary in corporate social media activities.

Gary Bahadur

CEO KRAA Security, baha@kraasecurity.com

http://www.kraasecurity.com

http://blog.kraasecurity.com

http://twitter.com/kraasecurity

*Managed Security Services

*Vulnerability Management

*Compliance & Police Development

*PGP Security

*Free Website Security Test

Enhanced by Zemanta

Tips to Avoid Confidentiality Issues When Using Social Networking Media

Social media sites have gained popularity in the past ten years as a medium to keep in contact with loved ones, business associates and friends. However, there can be drawbacks to the usage of said media when one is employed in certain career fields, such as the healthcare industry. Utilizing social media networks can inadvertently give way to the sharing of confidential patient information with people that may not have a need to know which would then cause the company to violate HIPAA Security Rule compliance.

Social media applications are not just a part of one’s personal lifestyle; this has also become incorporated in the corporate climate. Many places use these applications for marketing, file sharing, communication, and employee recruitment. While these applications can open up a great many doors of communication, some type of guidance or governance is necessary. Because banning the use of such sites is most likely unenforceable or impractical, a hospital or other such entity that must shield private information should at least ask or force their employees to adhere to some Social Media Policy guidelines.

For instance, when utilizing social networking sites, one should use separate passwords for the different sites, as an individual can easily hack all of one’s accounts if they know the one password. A security breach of one account could snowball. Passwords should be complex and change every 90 days. Accessing social media sites should be over SSL and only from trusted network connections, not coffee shops especially for business purposes!

In the case of company documents or patient information, if it isn’t found on the company’s web page it probably should not be posted elsewhere. There are sites that exude a feeling of privacy and security, but are far from it. Allowing one’s corporate information security team to determine what sites are acceptable is the best option.

Another thing one should not do is post his or her own identifying information publicly, such as date of birth, his or her social security number, or an employee ID number. If a site requires this information, 1) it is most likely not a reputable site, and/or 2) one could make something up or ensure that it is not going to be displayed in a profile that will be public.

Some information may not be considered confidential; yet not posting these items to public social media sites is probably a good idea. This can include anything from rumors, to purchases the company plans on making, anything about the technology one’s company uses or will use, and any projects the individual may be working on.

So in one’s personal endeavors, it is most beneficial to all involved if confidential information, or information that could be considered secret, stays out of the hands of the public. Follow practical posting guidelines and do not share more information than is necessary in corporate social media activities.


Gary Bahadur

CEO KRAA Security, baha@kraasecurity.com

http://www.kraasecurity.com

http://blog.kraasecurity.com

http://twitter.com/kraasecurity

*Managed Security Services

*Vulnerability Management

*Compliance & Police Development

*PGP Security

*Free Website Security Test

Enhanced by Zemanta
online pharmacies +|- cialis price comparison
canadian pharmacy viagra ;:." buy cialis soft