Social Media Security Podcast 34 – Facebook Privacy, LinkedIn Scammers, Naughty Employees

This is the 34th episode of the Social Media Security Podcast sponsored by SecureState and the Streetwise Security Zone.  This episode was hosted by Tom Eston and Scott Wright recorded June 18th 2014.  Below are the show notes, links to articles and news mentioned in the podcast:

Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below.  You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode.  Don’t forget  to subscribe to the podcast in iTunesfollow us on Twitter and like us on Facebook.  Thanks for listening!

Social Media Security Podcast 32 – The Privacy Paradox, Twitter Hacks, Facebook Home

avatarThis is the 32nd episode of the Social Media Security Podcast sponsored by SecureState.  This episode was hosted by Tom Eston and Scott Wright recorded April 25, 2013.  Below are the show notes, links to articles and news mentioned in the podcast:

Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below.  You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode.  You can also subscribe to the podcast in iTunesfollow us on Twitter and like us on Facebook.  Thanks for listening!

Social Media Security Podcast 22 – Skype Email, Taxonomy of Socnet Data, Facebook Graph API

This is the 22nd episode of the Social Media Security Podcast recorded January 21, 2011.  This episode was hosted by Tom Eston and Scott Wright. Below are the show notes, links to articles and news mentioned in the podcast:

  • Skype credit email as an apology – a new trend we can expect in 2011 from good guys and bad guys.  Screen shot mentioned in the podcast.
    Scott’s note: I searched for posts about this email before clicking on it, and it was actually legitimate. However, this would be a very compelling phishing attack for any organization that recently suffered a PR setback. Any time you get an unexpected email, even if it looks like the circumstances make sense, you need to check on its authenticity. And any organization issuing such an Email should also post an announcement of the campaign on their home page, and issue a press release to make it easy for people to verify the legitimacy of the email.
  • Bruce Schneier’s taxonomy of social network personal data
  • Facebook now tells you about people you know who have found friends using their Friend Finder
    Scott’s note: I always tell people never to enter their email address and password on sites that aren’t their email service. You don’t know what they will do with your password, or if it might be captured. It also exposes your friends to potentially unwanted email messages – e.g. spam.
  • Facebook Lets Developers Ask a User for Their Address, Phone Number in the Graph API
  • Twitter Worm Pushing Rogue Antivirus Scam

Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below.  You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode.  You can also subscribe to the podcast in iTunes and follow us on Twitter.  Thanks for listening!

Social Media Security Podcast 16 – Diaspora News, FTC and Twitter, Twitter XSS, Facebook App Permissions

This is the 16th episode of the Social Media Security Podcast recorded July 2, 2010.  This episode was hosted by Tom Eston and Scott Wright.  Below are the show notes, links to articles and news mentioned in the podcast:

Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below.  You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode.  You can also subscribe to the podcast in iTunes. Thanks for listening!

Social Media Security Podcast 14 – Recent Facebook Hacks and Controversy, Diaspora, Swipely

This is the 14th episode of the Social Media Security Podcast recorded May 14th, 2010.  This episode was hosted by Tom Eston and Scott Wright.  Below are the show notes, links to articles and news mentioned in the podcast:

Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below.  You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode.  You can also subscribe to the podcast in iTunes. Thanks for listening!

Social Media Security Podcast 11 – Google Buzz, Geostalking, Twitter’s Phishing Filter

This is the 11th episode of the Social Media Security Podcast recorded March 15, 2010.  Sorry for the delay on releasing this!  We should be back on our biweekly schedule soon.  This episode was hosted by Tom Eston and Scott Wright.  Below are the show notes, links to articles and news mentioned in the podcast:

Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below.  You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode.  You can also subscribe to the podcast in iTunes. Thanks for listening!

Social Media Security Podcast 4 – Death by Twitter, Open Source Intelligence, Policies, Google Wave

skullThis is the 4th episode of the Social Media Security Podcast recorded November 6, 2009.  This episode was hosted by Scott Wright, Tom Eston and Kevin Johnson.  Below are the show notes, links to articles and news mentioned in the podcast:

  • More scams on Twitter including the recent IQ quiz attack.  Disinformation on social networks…someone died example..are you sure they are really dead?
  • Tom talks about his Open Source Intelligence Gathering talk that he recently gave.  How do you find information posted about your company on social networks and why should you look?  Now is probably a good time for your company to create a social media strategy and then develop a Internet postings policy around this strategy.
  • Cisco has a great Internet posting policy to reference when created one for your company.
  • Scott talks about creating a postings policy for your company.  Here is a link to the Forrester book titled “Groundswell” that talks about creating a social media strategy.
  • Kevin talks about Google Wave.  What is it and why would we want to use this?  What are some of the security issues with Google Wave?  Check out the great research that theharmonyguy has been doing on Google Wave.
  • Developers! Please start coding securely from the beginning of the project! ktksbai.
  • Be sure to follow us on Twitter to stay up-to-date on all the latest news in the world of social media security!

Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below.  You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode.  You can also subscribe to the podcast now in iTunes! Thanks for listening!

Social Media Security Podcast 3 – Phishing and Koobface, What is CSRF, Protected Tweets

skullThis is the third episode of the Social Media Security Podcast recorded October 23, 2009.  This episode was hosted by Scott Wright, Tom Eston and Kevin Johnson.  Below are the show notes, links to articles and news mentioned in the podcast:

  • Tom and Scott talk about phishing on social networks. How can you tell the difference between a fake friend request and a real one? Here is a screen shot of a fake friend request and a real friend request.  Just by looking at the email…it’s really hard to tell the difference isn’t it?  The only way you can tell the difference is to look at the URL the link is going to by looking at the message source (code and/or mail header info).  We advise you check your Facebook Inbox for legitimate friend requests, don’t click on friend request links in email.
  • Tom gives a primer on Koobface. What is the Koobface worm and how does it spread?  If you want to learn more about Koobface check out this very good paper created by TrendMicro on how Koobface works.
  • Kevin gives a great non-technical overview of CSRF (Cross-site request forgery).  Want to see a real CSRF attack demonstrating stealing private Facebook profile information? Check out this video and blog post.  Here is the great talk by Jeremiah Grossman about exploiting business logic flaws that Tom mentioned.
  • Interested to know more about CSRF? Check out Security Now! Episode 166.
  • Are your protected tweets able to be searched by Google?  Tom clarifies that this article was not true at all.  However, there are some important things you need to know about protected tweets and why making your Twitter account private doesn’t buy you much.
  • Due to popular demand we are going to try recording the podcast bi-weekly!
  • Be sure to follow us on Twitter to stay up-to-date on all the latest news in the world of social media security!

Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below.  You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode.  You can also subscribe to the podcast now in iTunes! Thanks for listening!

1 2