Social Media Security Podcast 39 – Snapcash, Yik Yak, LinkedIn Security and Privacy Tips

socialmediasec-avatar-80x78This is the 39th episode of the Social Media Security Podcast sponsored by SecureState and the Streetwise Security Zone.  This episode was hosted by Tom EstonScott Wright recorded December 12, 2014.  Below are the show notes, links to articles and news mentioned in the podcast:

  • Snapcash” has been announced by the creators of Snapchat. Can Snapchat gain enough consumer confidence to break into the payments field?
  • Yik Yak is a social app for browsing anonymous chats in your locale and it’s gaining popularity with teens and causing some problems for schools.
  • Yik Yak is also not as private or anonymous as you think as a new security vulnerability was just disclosed!
  • How to opt out of Twitter’s new app tracking feature
  • Facebook’s updated Privacy Policy? Not much new, but policies have been reworded to be somewhat less onerous to read
  • Facebook At Work – Will it work?
  • Scott and Tom share our opinions on the big Sony Pictures security breach
  • Scott shares some best practices on how to secure your LinkedIn account. Tom shares some good tips to make your LinkedIn account more private. Here are a few of the tips we discussed:
  • 1) Turn on HTTPS for all sessions:
    – Check the “Secure Connections” box in the security settings page

    2) Turn on Two-Step Verification

    – The security settings page will tell you whether or not two-step verification is already set up
    – You can turn it on, and provide a mobile phone where SMS messages will be sent

    Both are accessible by doing the following while logged in to your LinkedIn account on the Web:

    a) Hover the mouse cursor over your profile picture

    b) Click on the Account tab in the bottom left of the page

    c) Click on “Manage Security Settings”

Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below.  You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode.  Don’t forget  to subscribe to the podcast in iTunesfollow us on Twitter and like us on Facebook.  Thanks for listening!

 

Social Media Security Podcast 34 – Facebook Privacy, LinkedIn Scammers, Naughty Employees

This is the 34th episode of the Social Media Security Podcast sponsored by SecureState and the Streetwise Security Zone.  This episode was hosted by Tom Eston and Scott Wright recorded June 18th 2014.  Below are the show notes, links to articles and news mentioned in the podcast:

Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below.  You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode.  Don’t forget  to subscribe to the podcast in iTunesfollow us on Twitter and like us on Facebook.  Thanks for listening!

Social Media Security Podcast 30 – The Password Episode

This is the 30th episode of the Social Media Security Podcast sponsored by SecureState.  This episode was hosted by Tom Eston and Scott Wright.  In this episode we talk about the password problem and why we continue to choose easy to guess passwords.  Tom and Scott also talk about ways to select more secure passwords and how technology can help.  Below are the show notes, links to articles and news mentioned in the podcast:

The password Episode!  It’s episode 30!

Major password breaches in the last few months:
Brute force attacks on passwords is the #1 way we break into companies during pentests! Want to see the poor passwords people choose? SkullSecurity has very good lists from previous breaches.  Looking for more information? Tom wrote a white paper on how easy it is to profile user passwords on social networks.
The password problem.  Users continue to make poor password choices. Why? 
  • Too many to remember?
    • It’s easier to use the same password for each site
    • Also the same user id and email
  • Failures in user awareness?
  • Users are not provided the technology to help
  • Social networks and other sites make it easy to choose weak passwords, little adoption of two factor authentication because users will complain
  • Mobile apps are not designed to constantly enter passwords.  This is why you “stay logged in”.
Worse case scenario?
What is the solution?
Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below.  You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode.  You can also subscribe to the podcast in iTunes and follow us on Twitter.  Thanks for listening!

Social Media Security Podcast 29 – Fake Bieber, Facebook Social Engineering Tool, MySpace Who?

This is the 29th episode of the Social Media Security Podcast.  This episode was hosted by Tom Eston and Scott Wright.  Below are the show notes, links to articles and news mentioned in the podcast:

  • MySpace charged for violating user privacy, vows to do better
  • How a fake Justin Bieber “sextorted” hundreds of girls through Facebook
  • FBPwn: A cross-platform Facebook social engineering tool
  • Tom and Scott’s take on the Facebook IPO
  • LinkedIn CSRF (Cross-site Request Forgery) controls attacked
  • Scott gives us an update on his mobile honeystick project
We are still planning on getting back to regular podcasts! Stay tuned.  Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below.  You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode.  You can also subscribe to the podcast in iTunes and follow us on Twitter.  Thanks for listening!

Social Media Security Podcast 28 – Facebook Timeline, US Privacy Questions, Twitter Acquisitions

This is the 28th episode of the Social Media Security Podcast recorded back a few months ago.  Content is still relevant! :-) This episode was hosted by Tom Eston and Scott Wright.  Below are the show notes, links to articles and news mentioned in the podcast:

Don’t worry! We are still planning on getting back to regular podcasts.  Stay tuned.  Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below.  You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode.  You can also subscribe to the podcast in iTunes and follow us on Twitter.  Thanks for listening!

 

Social Media Security Podcast 25 – Facebook Security Updates, FaceNiff, Social Media Background Checks

This is the 25th episode of the Social Media Security Podcast recorded July 1, 2011.  This episode was hosted by Tom Eston and Scott Wright.  Below are the show notes, links to articles and news mentioned in the podcast:

Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below.  You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode.  You can also subscribe to the podcast in iTunes and follow us on Twitter.  Thanks for listening!

Firesheep’s Revenge

No, this is not an article on the new version or even newly added super hero features for firesheep? #titlefail? Maybe but please read on then decide.

I know firesheep has lost its shiny coin syndrome with most but the attack is still working quite well in the field.  While the readers/listeners have been doing a good job of enabling secure browsing options in Twitter and Facebook, we still have a long way to go. Please keep spreading the word and keep pleading to social networking sites to enable secure browsing by default.  So, Why the “Firesheep’s Revenge” title?  Well these last month’s, a couple of us have been testing common social media monitoring (SMM) tools.  These tools are generally used by small businesses, internal marketing, or external marketing companies to help update social media accounts without the hassle of logging into every social networking site individually.  We have been testing these SSM’s and found that:

http://hootsuite.com/dashboard#
http://sproutsocial.com/dashboard
http://standard.cotweet.com/channels#

Are not using secure browsing by default, allowing us to hijack sessions.  What does this mean? Well by adding your social media accounts into these SMM tools, you are granting the tool permission or full control over that account(s). By gaining control over the tool we are bypassing all the hard work you did by enabling secure browsing in each of your twitter and facebook accounts.  Try explaining to the VP of Marketing that even though you checked the “defeat firesheep” box it still works. And not only will it work on Facebook/Twitter but now LinkedIn, Foursquare, ping.fm and Ning accounts all in one interface. Most of the time we were looking at full access to the corporations social media strategy. So, we are right back to where we started, teaching the user that security is usually the last thing on the mind of these rapid development firms. If you do not see the option of “secure browsing”, then please be careful of where you update your social media accounts. Ask your tool makers where this option is located.  If they do not have this option then maybe you should look for another tool.

James F. Ruffer III
Unixbox
@jruffer

Social Media Security Podcast 19 – New Changes to Facebook, Social Media Risk Survey, LinkedIn Scams

This is the 19th episode of the Social Media Security Podcast recorded October 8, 2010.  This episode was hosted by Tom Eston and Scott Wright. Below are the show notes, links to articles and news mentioned in the podcast:

Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below.  You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode.  You can also subscribe to the podcast in iTunes and follow us on Twitter.  Thanks for listening!
1 2