Category Archives: Social Networking

  • 0

Are location services on mobile devices a good thing?

Category:Cyberstalking,Facebook,Infosec Communicator,Internet Safety,Social Networking Tags : 

I’ve always had mixed feelings about the location services (such as Google Latitude) offered by various mobile devices and by social networking sites. For example, is it a good thing to let people know where you are when you’re tweeting?

When we talk to the incoming first year class at RIT each fall, we talk about the potential danger of cyberstalking, illustrating it humorously through the Facebook Stalker YouTube video. We don’t try to over dramatize the danger, but we do want students to be aware of the possibility. (We also discourage placing phone numbers and addresses in Facebook and other social networking profiles.)

We saw some evidence of cyberstalking with our daughter in high school. She would post info about where she would be and one person showed up there consistently.

Are we overreacting to the potential danger? On a risk map, I would rate cyberstalking as a low-probability high-impact risk. Is cyberstalking something you worry about? Do any of you use these “location services” on your mobile devices or Tweet with your location? Why or why not?

Ben


  • 6

On the Eve of the Latest Facebook Privacy Fix

Category:Facebook,Information Security,Infosec Communicator,Internet Safety,Privacy,Risk,Social Networking Tags : 

Facebook is releasing its latest privacy fix on Wednesday, May 26. I don’t have high expectations for the new controls as Facebook has not shown any ability to make the controls user friendly, or really understand what their users want for privacy.

A much bigger issue is that we seem to have abrogated OUR responsibility to protect our private information.

Fundamentally, information security is about managing risk. ANY involvement in social networking increases the risk of something negative happening–whether it’s loss of privacy, cyberstalking, identity theft, embarrassment, etc. It’s up to us to manage the risk. We should not expect the same amount of privacy protection from a free service that we would get from a credit card company, hospital, etc.

Although Facebook, Google, LinkedIn are all provided “free” to us, that freedom comes with a price–reduced privacy and some tracking of our web habits.

It’s up to us what we choose to share on social networking sites. We agree to EULAs (end user license agreements) that we click through to get to the “good stuff.” We blithely provide requested personal details and install apps that ask for even more and that tell us up front that they may share our information. Do you have to publish your date of birth? Hometown? 20 favorite things? (I’m just waiting for the next Facebook posting asking us, “What’s your mother’s maiden name?” and urging us to send the posting to all of our friends!)

Yes, Facebook, Google, and the other social networking applications have a responsibility to protect our information. However, WE have the responsibility to share ONLY the information we choose.


  • 0

Safe(r) Use of Social Media: Facebook, Blogging, and Online Privacy

Category:Facebook,Infosec Communicator,Internet Safety,Privacy,Social Networking,Uncategorized

Concerns over Facebook privacy settings have increased steadily, with more and more mainstream media running stories about the issues. Although it is possible to more or less “lockdown” your privacy settings, Facebook makes frequent changes that may require you to review these settings on a regular basis. CNET recently discussed the controversy and suggested two tools to help determine and lockdown your current privacy settings. These tools include SaveFace (a browser helper tool) and a privacy scanning tool from ReclaimPrivacy.org.

I thought it would be useful to share some “safe practices” we created to help Rochester Institute of Technology students practice safer(r) social networking. (It’s never going to be completely Safe.)

Ben

Protecting Your Information: Safe Practices

Keeping your information out of the wrong hands can be fairly easy if you adopt a cautious attitude. Here are some tips to make sure your private information stays private.

Don’t Post Personal Information Online!
It’s the easiest way to keep your information private. Don’t post your full birth date, your address, phone numbers, etc. Don’t hesitate to ask friends to remove embarrassing or sensitive information about you from their posts either.

Use Built-In Privacy Settings
Most social networking sites offer various ways in which you can restrict public access to your profile, such only allowing your “friends” to view your profile. Of course, this only works if you only allow a few people to see your postings-if you have 10,000 “friends” your privacy won’t be very well protected. Your best bet is to disable all the extra options, and re-enable only the ones you know you’ll use. These best practices can be applied to any social networking or blogging website.

Be Wary of Others
Research by Sophos (2007) found that 41% of Facebook users were willing to befriend a plastic green frog named Freddi Staur (an anagram of ID Fraudster), subsequently revealing their personal information. Most sites do not have a rigorous process to verify identity of members so always be cautious when dealing with unfamiliar people online.

Search for Yourself
Find out what information other people have easy access to. Put your name into Google (make sure to use quotes around your name). Try searching for your nicknames, phone numbers, and addresses as well-you might be surprised at what you find. If you don’t want your content publicly searchable, many blogging sites have instructions on how to exclude your posts from appearing in search engine results using something called a “robots text file.”

What Happens on the Web, Stays on the Web

Before posting anything online, remember the maxim “what happens on the web, stays on the web.” Information on the Internet is public and available for anyone to see, and security is never perfect. With browser caching and server backups, there is a good chance that what you post will circulate on the web for years to come. So be safe and think twice about anything you post online.


  • 0

Protect Yourself Online–Anti-Phishing Toolbar

Category:Infosec Communicator,Internet Safety,Social Networking

Today I received an Alert from Google that my name had appeared online. (Being in information security breeds paranoia, so I’d set upĀ  a Google Alert for occurrences of my name online–and for the rest of my family as well!)

The Phishing Attempt

Here’s the Google Alert I received:

Ben Woelk (bwoelk) on Twitter
Infosec Communicator, Trainer and Policy Analyst at RIT. STC Rochester VP. Educause A&T co-chair. Community builder applying Web 2.0 to security awareness.
retwite-dot-appspot-dot-com/bwoelk

Curious to find out where my name had appeared and thinking that Google had alerted me about Twitter, I clicked on the link. (And yes, I really should know better!) Clicking on that link brought me to a site that looked exactly like my Twitter page, a potential phishing site. Or I should say, “almost brought me” to the site?

How did I know it was a phishing site and why didn’t I arrive there?

One indication that it’s a possible phishing site is the URL, which clearly is not Twitter.

The other indication was that my Netcraft Toolbar plugin on Firefox blocked access to the site and asked me to confirm that I wanted to go there. Here’s what the Netcraft Toolbar showed me when I tried to go to the site:

Netcraft warning message

Netcraft warning message

After I chose “No,” my browser window showed:

Netcraft blocked confirmation message

Netcraft blocked site confirmation message

Netcraft Toolbar Features

The toolbar also provided some information about the site itself. The diagram below (captured and edited with TechSmith Snagit 9.x), shows the information the toolbar provides:

Example of Netcraft Toolbar

Netcraft Toolbar at Twitter Homepage

Netcraft and Me

I’ve been using the Netcraft Toolbar for several years and have been pleased with its performance. It blocks known phishing sites and also provides you the opportunity to submit suspect sites to them for verification. If Netcraft decides that it is indeed a phishing site, it serves as a neighborhood watch group and blocks all Netcraft Toolbar users from reaching the site. Netcraft provides versions for both Internet Explorer and Firefox.

Highly recommended!

NOTE: There seems to be a good deal of discussion about whether retwite.appspot.com is really a phishing site or a proxy. Either way, the toolbar works in the same manner to protect from other reported phishing sites.

You may also want to visit the RIT Information Security Safe Practices webpage for more information about protecting yourself and others.


Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 2,235 other subscribers

Categories

Support Introverted Leadership on Patreon

Blubrry affiliate banner