Social Media Security Podcast 35 – Facebook News Feed Psychology, Complex Passwords, Dumb Criminals

This is the 35th episode of the Social Media Security Podcast sponsored by SecureState and the Streetwise Security Zone.  This episode was hosted by Tom Eston and Scott Wright recorded July 17th 2014.  Below are the show notes, links to articles and news mentioned in the podcast:

Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below.  You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode.  Don’t forget to subscribe to the podcast in iTunes, follow us on Twitter and like us on Facebook.  Thanks for listening!

Social Media Security Podcast 34 – Facebook Privacy, LinkedIn Scammers, Naughty Employees

This is the 34th episode of the Social Media Security Podcast sponsored by SecureState and the Streetwise Security Zone.  This episode was hosted by Tom Eston and Scott Wright recorded June 18th 2014.  Below are the show notes, links to articles and news mentioned in the podcast:

Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below.  You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode.  Don’t forget to subscribe to the podcast in iTunes, follow us on Twitter and like us on Facebook.  Thanks for listening!

Social Media Security Podcast 33 – Heartbleed, Hashtag Fail, Social Impersonation

Guess what? We’re back!  This is the 33rd episode of the Social Media Security Podcast sponsored by SecureState.  This episode was hosted by Tom Eston and Scott Wright recorded May 15, 2014.  Below are the show notes, links to articles and news mentioned in the podcast:

Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below.  You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode.  Don’t forget to subscribe to the podcast in iTunes, follow us on Twitter and like us on Facebook.  Thanks for listening!

Social Media Security Podcast 32 – The Privacy Paradox, Twitter Hacks, Facebook Home

This is the 32nd episode of the Social Media Security Podcast sponsored by SecureState.  This episode was hosted by Tom Eston and Scott Wright recorded April 25, 2013.  Below are the show notes, links to articles and news mentioned in the podcast:

Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below.  You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode.  You can also subscribe to the podcast in iTunes, follow us on Twitter and like us on Facebook.  Thanks for listening!

The New Facebook Graph Search: How to Protect Your Privacy

Over the last several months, Facebook has been making significant design and UI changes. Besides the newsfeed changes announced several weeks ago, Facebook has recently begun rolling out a large change in the way you search for information through the platform. While this feature is still in “beta” status, you can tell if you have the new Graph Search by looking at the top left side of your Facebook profile (Figure 1). You will see a search area called “Search for people, places and things”.

 

Figure 1 – Location of the Facebook Graph Search on Your Profile Page

 

The Facebook Graph Search is a new implementation of search which retrieves information that comes from Facebook’s Graph. This new feature brings powerful capabilities for finding out more about your friends’ “likes” and activities. It also provides attackers with a more efficient way to glean information for social engineering attacks and other intelligence gathering activities.

What’s the Facebook Graph?

Think of the Facebook Graph as a very large database of personal information from (literally) a billion Facebook users. This information is categorized by what you and your friends like as well as what you’ve posted, what’s in your profile, locations you’ve visited, and tagged pictures. The Facebook Graph has evolved over the years in order to correlate as much information as possible, making it very easy to search.

What’s the Privacy Concern?

The issue is that anything you’ve ever posted publicly, “Liked,” or were ever tagged in can be quickly searched. Additionally, other information that you’ve posted in your profile, such as your hometown, relationship status, and employer, now becomes searchable. For example, those party pictures you were tagged in four years ago doing things you would never do anymore can be searched by your friends and possibly the friends of your friends; or worse, anyone with a Facebook account.

The Graph Search opens up lots of new and interesting search possibilities that we’ve yet to see on a social network. Here’s one example: Suppose you are a single male looking for single females. You can simply search for “photos of friends of my friends who are single and female” and find pictures of all the single females that are friends of your friends. Interesting, huh? How about the intelligence gathering aspects of these types of searches? For example, search for “<Insert Company> employees located in <Insert City>” and you will have a list of targets for social engineering or more. For some other eye-opening searches, I recommend you read this blog which shows some interesting privacy ramifications of creative searches.

How to Protect Your Privacy

First, check out Facebook’s “Activity Log” (Figure 2) which can be found under Privacy Settings and Tools in your Privacy Settings.

 

Figure 2 – Location of Facebook’s Activity Log

 

Next, if you want to change the privacy settings for all posts you’ve shared with Friends of Friends or with the Public, you can select “Limit Past Posts,” which will automatically change the privacy settings on all past posts (Figure 3).

 

Figure 3 – Selecting “Limit Past Posts” changes privacy settings for all posts set to Friends of Friends or Public

 

 

You will also want to make sure you review the following items in your Activity Log (Figure 4): Your Posts (especially those set to Public or Friends of Friends), Posts You’re Tagged In, Posts by Others, and Your Photos. It doesn’t hurt to also review your Likes to make sure there is nothing you liked that you don’t want coming up in a search.

 

Figure 4 – Items to Review in Your Activity Log

 

Lastly, carefully review your Facebook Privacy settings, especially if you haven’t looked at them in a while. The Facebook Graph Search makes these settings more important than ever. Be sure to download SecureState’s recently revised Facebook Privacy & Security Guide, which walks you through the recommended privacy settings while still allowing you to be social. The updated guide includes details on Facebook Graph Search and other important privacy settings. I encourage you to share this guide with friends and family.

Looking For More Information on Social Media Privacy?

SecureState has just released a comprehensive whitepaper by Ken Smith of SecureState’s Profiling & Penetration Team entitled “The Problem with Privacy”. I highly recommend you download and read this whitepaper to find out what the latest threats to your privacy are when using Social Media.

Cross-Posted from the SecureState Blog

Social Media Security Podcast 31 – New Facebook Graph Search, Fake Internet Girlfriends, Social Media and Your Business

This is the 31st episode of the Social Media Security Podcast sponsored by SecureState.  This episode was hosted by Tom Eston and Scott Wright recorded January 18th, 2013.  Below are the show notes, links to articles and news mentioned in the podcast:

Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below.  You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode.  You can also subscribe to the podcast in iTunes, follow us on Twitter and like us on Facebook.  Thanks for listening!

 

Social Media Security Website and Podcast Reloaded!

Since 2009, I’ve been maintaining the popular Facebook Privacy & Security Guide that has been used by several universities and government agencies as well as regular users of Facebook.  If you’re not familiar with my guide, it’s a simple two page handout that walks you through recommended privacy and security settings for your Facebook profile.

The guide has been a labor of love but also required frequent updates since Facebook has drastically changed the privacy controls as well as the layout within the Facebook platform over the years.  Needless to say it’s been tough to keep the guide updated and also tough to keep it to a single page so that it can be easily distributed.  Today, I’m happy to announce that my company SecureState is now officially sponsoring the guide so that it can be maintained with frequent updates!  Having said that, I’m announcing today the release of the fourth version of the Facebook Privacy & Security Guide, updated with the latest information on Facebook’s privacy and security settings.  Please download and distribute to friends and family.

Also around the same time I started the guide, I started the Social Media Security website and podcast.  The podcast is still being recorded monthly and co-hosted by myself and Scott Wright.  Today we also released our 30th episode along with a website redesign for socialmediasecurity.com.  I’d like to thank the podcast’s new sponsor SecureState for the new design and support of the podcast.  Special thanks go to DigiP over at Tick Tock Computers for putting together a great site redesign and logo.  I look forward to recording more podcasts and getting the word out on how to safely use social media!

Social Media Security Podcast 30 – The Password Episode

This is the 30th episode of the Social Media Security Podcast sponsored by SecureState.  This episode was hosted by Tom Eston and Scott Wright.  In this episode we talk about the password problem and why we continue to choose easy to guess passwords.  Tom and Scott also talk about ways to select more secure passwords and how technology can help.  Below are the show notes, links to articles and news mentioned in the podcast:

The Password Episode!  It’s episode 30!

Major password breaches in the last few months:
Brute force attacks on passwords are the #1 way we break into companies during pentests! Want to see the poor passwords people choose? SkullSecurity has very good lists from previous breaches.  Looking for more information? Tom wrote a white paper on how easy it is to profile user passwords on social networks.
The password problem.  Users continue to make poor password choices. Why? 
  • Too many to remember?
    • It’s easier to use the same password for each site
    • Also the same user id and email
  • Failures in user awareness?
  • Users are not provided the technology to help
  • Social networks and other sites make it easy to choose weak passwords; there is little adoption of two-factor authentication because users will complain
  • Mobile apps are not designed to constantly enter passwords.  This is why you “stay logged in”.
Worst case scenario?
What is the solution?
Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below.  You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode.  You can also subscribe to the podcast in iTunes and follow us on Twitter.  Thanks for listening!