Social Networking Safety Tips

This month’s “OUCH!” newsletter by the SANS Institute covers social networking sites such as Google+, Facebook, Twitter and LinkedIn. The newsletter covers the risks and how to use these sites safely.

Download the English version here (pdf).

Can Social Media Cause You Harm?

When using such social media communication tools as Twitter or Facebook, we may not always think about who will be able to see our comments and posts. As far as we know, only our friends and followers can see them. But is this true?

In two recent articles on the Boston Globe I found several examples listed of when posts made to Facebook led to job termination or other problems with employers. The lesson it teaches is that what for you might be a mechanism for venting or sharing your working situation with your trusted friends, is for others a reason to see you as unsuitable in your job.

In a perfect world, our online conversations are protected by the privacy settings on Facebook and in some cases the First Amendment protects us as well, but common sense tells us that these “protections” are not iron-clad. The internet, and social media by design, is a public forum for conversations. A secret is not a secret if it is conveyed to more than one person.

Best rule of thumb: If you don’t want even one other person knowing about something you think or feel, it’s best not to use the Internet to share those feelings and thoughts.

Read the stories at Boston.com:
Facebook comments bring firing and a fight
Teacher fired over ‘friending’

Facebook Goes to HTTPS

Facebook is getting a little more serious about security after the CEO’s fan page got hacked. Facebook wrote on their blog that they are rolling out the option for users to access Facebook via a secure SSL (https) connection. According to the blog article, users need to go to their account settings and choose “secure browsing” from the account security section of the page.

This change is being rolled out over the next few weeks so not everyone will see the new option right away. The blog post does warn that the browsing experience may be slower (due to the encryption overhead) and that not all 3rd party applications are compatible with secure SSL at this time.

Read the full story on CNet.com.

Risky Trojan Horse for OS X Found

A new Trojan horse malware that affects Mac OS X has been found called “trojan.osx.boonana.a.” It is being disguised as a video link and distributed through social-networking sites like Facebook. It may have the text “Is this you in this video?” in the link. When the link is clicked, the Trojan will run a Java applet that will download other files to the computer and run an installer automatically.

The Trojan appears to report system information to servers on the Internet, which can cause a breach of personal information. The Trojan also will attempt to spread itself by sending messages from the user account to other people through spam e-mail messages. As with most Trojans, this will require you to enter your password to install the software and make modifications to the system, so be sure you never supply your password unless you specifically open an installer file and know and trust where that installer came from.

Read the full story at cnet.com.

Study Says IT Security Workers Most Gullible

A vast portion of a study group were duped into revealing corporate and personal secrets after being invited to “friend” a seemingly honest but bogus profile on a popular social networking site. Out of the 2000 randomly selected people, 86 percent identified themselves as working in the IT industry and 31 percent of those said they worked in some capacity in IT security.

BitDefender, the vendor who ran the study believes this study should serve as a wake-up call to IT security professionals, because it demonstrates that those responsible for safeguarding enterprise data networks are the most likely to divulge sensitive personal and key corporate information to a stranger through a social networking site.

Read the full story at esecurityplanet.com.

Tips for Safer Facebook Use

Nearly half a billion people use Facebook, making it a target for criticism, controversy, curiosity as well as a place for hackers, crackers, spammers and scammers to do their evil best.

These tips come from a recent SANS newsletter and address specifically Facebook and safety issues:

  • Assume that your personal information is visible to anyone, not just your friends
  • To prevent identity theft, do not display your full birth date, show just the month and day or leave it blank
  • To protect children, do not add their names to photos or comments
  • Do not mention being away from home, leave vacation plans vague
  • Restrict searches for your information, and find out what options are available for restricting public searches. At minimum, you should be able to prevent your information from being searched by anyone other than your friends
  • Supervise your children under age 13 using social networks, possibly become one of their online friends
  • Think twice about who to allow to become an online friend, and find out if you can remove a friend if you change your mind about them or discover they’re not who they claim to be
  • Use an up to date web browser and have comprehensive anti-virus software on your computer as well as an enabled firewall
  • Adjust your privacy settings to protect your identity, understand how to use them and be aware they change over time
  • Make a cut-down version of your profile available to everyone, reveal the rest only to people you trust
  • Disable options and add them one by one and turn off unfamiliar settings until you understand, need or want them
  • Understand what happens when you close your account; must you submit a delete request and does it come with gotchas such as photos remaining on their server?

Online Security When School’s Out

At home my online service provider is Comcast. The company recently sent out a communication highlighting some items to be aware of regarding online security.

This is not meant to be a plug for Comcast. Regardless of the service provider you use at home, the information listed in the communication I received would benefit any family that wants to remain worry-free over the summer while kids are out of school, so I’m sharing it with you here:

  • Security Suites: Comcast provides a security suite for online protection to its customers at no additional charge. Find out if your service provider offers online security tools with your Internet package that helps block malware, spam and other cyber threats.
  • Family Tools: Comcast recommends a few tools you can download to make sure your kids are visiting safe websites and don’t get into any trouble while sharing information with their “friends.” Norton Online Family and KidZui are the ones that Comcast recommends and there may be others you can download for free or a small fee from family-friendly websites.
  • Teaching Your Kids Safety: Keep your kids safe while they learn something new at the same time. Comcast suggests having them take the Cyber Summer Safety Challenge sponsored by Comcast/McAfee.
  • Staying Updated as a Parent: Finally, if you as a parent don’t understand the threats, it will be difficult to keep your children from making fatal mistakes while surfing online. Learn about social networking dangers and how to avoid dangerous sites that can steal your personal information or download something nasty to your computer at home, and stay up to date with the latest software security updates. After all, your home computer is likely where you do your bills, store your photos, and file other personal correspondence.

These additional resources may help you in your effort to protect you computer and family:

  • The National Cyber Security Alliance has many suggestions for teaching children to protect themselves and their computer from online threats. Other sites to check out: iSafe.org and netsmartz.org.
  • Internet Keep Safe Coalition – as president of this organization, Marsali Hancock speaks nationally and internationally on digital citizenship issues (safety, security and ethics/responsibility); the organization also addresses standards and priorities for K-12 educators.
  • Check with your cable TV & internet service provider to find out what special security tools and services they offer. These are security services by the big three in the Boston area: Comcast, AT&T and Verizon.