Category Archives: Social Networking

  • -

Safe(r) Use of Social Media: Facebook, Blogging, and Online Privacy

Category:Facebook,Infosec Communicator,Internet Safety,Privacy,Social Networking,Uncategorized

Concerns over Facebook privacy settings have increased steadily, with more and more mainstream media running stories about the issues. Although it is possible to more or less “lockdown” your privacy settings, Facebook makes frequent changes that may require you to review these settings on a regular basis. CNET recently discussed the controversy and suggested two tools to help determine and lockdown your current privacy settings. These tools include SaveFace (a browser helper tool) and a privacy scanning tool from ReclaimPrivacy.org.

I thought it would be useful to share some “safe practices” we created to help Rochester Institute of Technology students practice safer(r) social networking. (It’s never going to be completely Safe.)

Ben

Protecting Your Information: Safe Practices

Keeping your information out of the wrong hands can be fairly easy if you adopt a cautious attitude. Here are some tips to make sure your private information stays private.

Don’t Post Personal Information Online!
It’s the easiest way to keep your information private. Don’t post your full birth date, your address, phone numbers, etc. Don’t hesitate to ask friends to remove embarrassing or sensitive information about you from their posts either.

Use Built-In Privacy Settings
Most social networking sites offer various ways in which you can restrict public access to your profile, such only allowing your “friends” to view your profile. Of course, this only works if you only allow a few people to see your postings-if you have 10,000 “friends” your privacy won’t be very well protected. Your best bet is to disable all the extra options, and re-enable only the ones you know you’ll use. These best practices can be applied to any social networking or blogging website.

Be Wary of Others
Research by Sophos (2007) found that 41% of Facebook users were willing to befriend a plastic green frog named Freddi Staur (an anagram of ID Fraudster), subsequently revealing their personal information. Most sites do not have a rigorous process to verify identity of members so always be cautious when dealing with unfamiliar people online.

Search for Yourself
Find out what information other people have easy access to. Put your name into Google (make sure to use quotes around your name). Try searching for your nicknames, phone numbers, and addresses as well-you might be surprised at what you find. If you don’t want your content publicly searchable, many blogging sites have instructions on how to exclude your posts from appearing in search engine results using something called a “robots text file.”

What Happens on the Web, Stays on the Web

Before posting anything online, remember the maxim “what happens on the web, stays on the web.” Information on the Internet is public and available for anyone to see, and security is never perfect. With browser caching and server backups, there is a good chance that what you post will circulate on the web for years to come. So be safe and think twice about anything you post online.


  • -

Protect Yourself Online–Anti-Phishing Toolbar

Category:Infosec Communicator,Internet Safety,Social Networking

Today I received an Alert from Google that my name had appeared online. (Being in information security breeds paranoia, so I’d set upĀ  a Google Alert for occurrences of my name online–and for the rest of my family as well!)

The Phishing Attempt

Here’s the Google Alert I received:

Ben Woelk (bwoelk) on Twitter
Infosec Communicator, Trainer and Policy Analyst at RIT. STC Rochester VP. Educause A&T co-chair. Community builder applying Web 2.0 to security awareness.
retwite-dot-appspot-dot-com/bwoelk

Curious to find out where my name had appeared and thinking that Google had alerted me about Twitter, I clicked on the link. (And yes, I really should know better!) Clicking on that link brought me to a site that looked exactly like my Twitter page, a potential phishing site. Or I should say, “almost brought me” to the site?

How did I know it was a phishing site and why didn’t I arrive there?

One indication that it’s a possible phishing site is the URL, which clearly is not Twitter.

The other indication was that my Netcraft Toolbar plugin on Firefox blocked access to the site and asked me to confirm that I wanted to go there. Here’s what the Netcraft Toolbar showed me when I tried to go to the site:

Netcraft warning message

Netcraft warning message

After I chose “No,” my browser window showed:

Netcraft blocked confirmation message

Netcraft blocked site confirmation message

Netcraft Toolbar Features

The toolbar also provided some information about the site itself. The diagram below (captured and edited with TechSmith Snagit 9.x), shows the information the toolbar provides:

Example of Netcraft Toolbar

Netcraft Toolbar at Twitter Homepage

Netcraft and Me

I’ve been using the Netcraft Toolbar for several years and have been pleased with its performance. It blocks known phishing sites and also provides you the opportunity to submit suspect sites to them for verification. If Netcraft decides that it is indeed a phishing site, it serves as a neighborhood watch group and blocks all Netcraft Toolbar users from reaching the site. Netcraft provides versions for both Internet Explorer and Firefox.

Highly recommended!

NOTE: There seems to be a good deal of discussion about whether retwite.appspot.com is really a phishing site or a proxy. Either way, the toolbar works in the same manner to protect from other reported phishing sites.

You may also want to visit the RIT Information Security Safe Practices webpage for more information about protecting yourself and others.


Categories