The False Rumor

The way information travels has continually advanced as time has passed. At first there were letters, then there was radio and television, and in the present day we have the Internet. With each technological advancement the speed at which this information travels has increased exponentially, especially today. Therefore, any sort of news spreads quite quickly. According to an article at HomelandSecurityNewsWire.com, “social media sites have proven useful in quickly disseminating information, and raising awareness during disasters or disease outbreaks.” However, the only problem with information passing in this manner is that it can be a “double-edged sword” because any number of times this new information could just be a false rumor or false information in general. This can be especially troubling in the case of news about epidemics, natural disasters, and the like.

Info obtained from: http://www.homelandsecuritynewswire.com/social-media-double-edged-sword-epidemics

Cloud storage and the new realities for IT departments

IT departments love control and for a good reason. Security is a major concern for large corporations with thousands of employees, but even a small business like your local bakery also wants to be protected from cyber crimes.

The challenge is that a lot of people are switching to a new breed of web applications like Dropbox and Box.net which are very easy to use. Employees already use these tools at home for their everyday lives and they love them, so why not at work?

The problem is security and lack of control over these applications. IT departments need the ability to tackle issues and attacks in real time, and depending on a service such as Dropbox might not be their ideal solution.

Dropbox and other services are noticing the trend and have started offering business packages and more control for teams.

To me, the main thing to understand here is the power of good design and development. People use applications like Dropbox because they are so easy to use and there are no crazy setup preferences to make you call a younger son or daughter to teach you how to do something.


Facebook’s security woes: 600K accounts compromised per day


By Kara Reeder

November 2, 2011, 7:49 AM PDT

Takeaway: Kara Reeder reports on the latest security mishaps from the Facebook camp.

With more than 800 million active users, there’s no shortage of people looking for loopholes in the social network. The latest vulnerability has been discovered by Nathan Powers, who works for technology consultancy CDW. Powers has discovered a way for a user to send an executable file to another user who is not their friend. The risk, as Computerworld points out, is that “a hacker [could] send, for instance, a key logging program to another user in a kind of spear-phishing attack.”

Facebook’s Security Manager Ryan McGeehan is downplaying the flaw, noting that “an additional layer of social engineering” would be required for the scam to work.

Security issues are nothing new for Facebook. In fact, as msnbc.com reports, buried deep in a recent security announcement, Facebook revealed that 600,000 accounts are compromised every day. Of course, Facebook put a different spin on it, saying “only 0.06 percent of 1 billion logins per day are compromised.” Still, 600,000 a day is nothing to scoff at as hijacked Facebook accounts lay the foundation for a number of misbehaviors, including cyber bullying and scams designed to trick unsuspecting users into coughing up money.

Editor’s Note: Facebook has clarified what they mean by “compromised.” According to TechCrunch:

Facebook wants it known that these accounts weren’t hacked or compromised on Facebook itself, they are compromised off site, such as through phishing scams, for example.

Facebook blocks access to accounts when they have reason to believe someone other than the true owner is trying to access it. Here is Facebook’s original infographic (PDF), which includes the numbers cited (.06% of 1 billion logins per day).

I am astonished that Facebook downplays such a large number of compromised accounts. 600,000 accounts a day are compromised! I can’t even begin to wrap my head around that figure. Many of these users are not in the information technology field and most likely don’t have a healthy sense of skepticism when using a social networking site like Facebook. If attackers are able to compromise users’ accounts, they can harvest useful information that users post on Facebook assuming their information is safe and secure. They need a password to access their profile so they assume no one else is able to access the profile without their knowledge. This is definitely not a safe assumption to make. The stat of 600,000 compromised accounts a day clearly proves that.

The discovery of the latest vulnerability of Facebook was made by Nathan Powers of CDW. The vulnerability makes it possible for an attacker to send an executable file to another user that they are not friends with. Programs like key loggers and botnets could be sent in attempts at a spear phishing attack. This presents a major security risk for the end users of Facebook. Their personal information including passwords, PIN numbers, web surfing activity, and bank account numbers, to name a few, could now possibly be accessed remotely by another Facebook user. The victim would have no idea that this was happening until it was too late. The attacker could also make fraudulent entries on the victim’s Facebook profile and damage their reputation with friends, family and colleagues.

I myself am a Facebook user, but after reading this article I am going to have to think long and hard if continuing to do so is just too risky.  It is wonderful that I am able to keep in touch with friends and family that live far away and see pictures of them; but is that really worth possibly exposing myself to an attacker looking to hack my account and cause havoc?

Facebook cookie vulnerability

A recent Facebook vulnerability revealed that Facebook could track websites that users visit after logging out. However, this is only for websites that integrate with Facebook. This is due to how the website uses cookies. A web cookie stores information on the client computer for when the user returns back to the website. Storing login information and user preferences are some common uses for web cookies.

Apparently Facebook has been aware of the issue for over a year but has failed to acknowledge it till it was widely reported. The article continues to report that Facebook wants to maintain use of this feature for safety and spam. It’s suggested that users clear their cookies in the web browser or use a separate browser for Facebook for additional security.

It’s also reported that Facebook hasn’t been using this information, but it’s something to be aware of. What are your thoughts about the amount of information Facebook has on individuals? It seems like Facebook is using this to protect users, but should they really be doing this? The article mentions how other websites also do this; however, I think because of the amount of information Facebook already has on its users, and its past with mishandling information, it raises some important questions.

Read the article here- http://www.bbc.co.uk/news/technology-15091674

Facebook’s New Features

With new modifications implemented on Facebook, and without proper changes to some privacy settings, your friends can see your current activities such as what game you’re playing, websites or articles that you are currently visiting, and even what music or song that you are listening to without your consent to share this information. With all of these new ‘real time’ apps on Facebook, it brings up the common question “where is the line drawn that the information being broadcasted is getting too personal”.

Another new feature that will be added onto Facebook is a timeline feature. It has already been documented that this timeline could prove to be a “gold mine” for harvesting information about people. The information would be displayed in chronological order, and could potentially increase the risk of the user being “cyber-stalked”. The information provided in the timeline could also help a criminal steal your passwords, since most users generally use personal information as their credentials.

Overall, I think that the new modifications on Facebook will take some ‘getting used to’. It is becoming more of a controversy whether the information displayed on the website, with or without the user’s knowledge, is a privacy concern.

Sources:
http://www.cnn.com/2011/09/23/tech/social-media/facebook-real-time/index.html?iid=EL

http://www.computerworld.com/s/article/9220240/Facebook_s_Timeline_will_be_boon_for_hackers

Facebook Timeline

Just recently, Mark Zuckerberg announced a new feature called Timeline that will be available to all Facebook users in a few weeks. Supposedly, this new feature will summarize all of a user’s important past events in a one page summary. This would be a good way to somewhat share a person’s life story online which could include first dates they’ve been on, meaningful events, or favorite foods. It doesn’t mean that it’s not already made available for someone to see, but it makes it easier for another person to learn more about someone else. That person, however, could potentially be a cyber criminal. They could easily gather information about a person in order to find answers to security questions or find smarter ways to spread malware. Other than a cyber criminal, there could be people out there looking for information to use against other people.

Simple way to be safe: don’t post personal information and try to have common sense when posting things online.

http://www.computerworld.com/s/article/9220240/Facebook_s_Timeline_will_be_boon_for_hackers

What is a secure password?

Secure passwords are an issue that internet users face every day. Every time you sign up on a new website, you are asked to use a password for your login. You look around you, making sure the resident computer security expert doesn’t see you, and you type in that one password that you use for every other site. You justify the use of that password by saying, “It’s a secure password: it contains more than 10 characters, some upper case, some lower case, some numbers, and a symbol” (which doesn’t actually guarantee a secure password).

“So what is a secure password?” you ask. Simply put, a secure password is one that is somewhat long, easy to remember, and only told to people or websites that you trust. The last one is the key. It is very simple to create a website that has the sole purpose of harvesting passwords from users. A website that promises, and maybe delivers, a service that the user would find useful. The user signs up for it, and puts in their password, and usually email address as well, and now the admins of that website have your email login and, if the password is the same, your email password. The website admin could also try and use the combination on Facebook, Twitter, banking sites, etc. and see what information, and possibly money, they can get.

So next time you sign up for a website, ask yourself “Do I trust the admins of this site with the ability to read my email? Change my Facebook page? Post on my Twitter account?”. If you answered yes then by all means use the same password as those other services; but, if you answered no, do yourself a favor and use a new password.

See also:

http://www.usewisdom.com/computer/passwords.html
http://xkcd.com/792/

Newly Proposed Youth Online Privacy Law

Recently the FTC (Federal Trade Commission) has proposed to revise child privacy laws to further protect kids under the age of 13 online. It’s no surprise that this law revision targets Facebook, as more than 7.5 million users under the age of 13 are registered to Facebook. Signing up for Facebook under the age of 13 goes against their Terms of Service; however, this doesn’t stop anybody from lying about their age. It’s suggested that Facebook may implement age verification requirements, but the details on how this would be done are unknown. This law also focuses on privacy of mobile phones used by children. The proposed law suggests that certain geolocation information can and can’t be collected. It’s to further protect kids from being targeted with more information out in the wild about their whereabouts.

I believe it’s the job of the parents to talk to their kids about online safety and what information they put online. I think too often, kids think that nothing will happen to them. It may also be valuable to be involved with kids’ online activity. Keep their Facebook or other social networking passwords and occasionally ‘check up on them’.

For parents that are concerned about their kids and geolocation data, it’s not a bad idea to disable the GPS feature on their phones as GPS on phones can be a powerful tool for stalkers and child predators.

To read more about the newly proposed stricter youth privacy laws visit- http://www.wired.com/threatlevel/2011/09/ftc-youth-online-tracking/

What can a hacked social networking site do to society?

Source: http://news.cnet.com/8301-27080_3-20104165-245/nbc-news-twitter-account-hacked/?tag=topTechContentWrap;editorPicks

What can a hacked social networking site do to society? Recently the NBC News Twitter account was hacked by The Script Kiddies, who posted things such as “Breaking News! Ground Zero has just been attacked. Flight 5739 has crashed into the site, suspected hijacking. More as the story develops,” and they also sent off messages that said “This is not a joke.”

Could you imagine being a person sitting there on the 10th anniversary of the 9/11 attacks and receiving a Twitter message, whether it be on the computer or on your cell phone, stating that there has been another attack? This kind of hack could have caused mass hysteria and panic.

Though, thanks to the fast work of Twitter and NBC News, the posts were deleted and NBC posted an apology for it and also told fellow Twitter followers to disregard the tweets posted because they had been hacked and not to retweet them.

Now could you imagine what would happen if this message could have gotten out even more? NBC has 133,306 followers out of the 312,190,826 people in the United States. With the use of other social media sites, such as Facebook, where there are even more people connected to it, hackers could use this to spread news that is false, which could cause people to believe this information and act upon it without really knowing the true situation.

We must applaud the fast action of the administrators of the NBC Twitter account and the administrators of Twitter for correcting this problem. It is probably due to this that there were no problems, and this is probably a great response to the situation on their part. The group that hacked the Twitter account, The Script Kiddies, are really an unknown group right now, but who knows what they are planning next. It is my recommendation, as well as probably that of a lot of other users of Twitter, for the creators of Twitter to update and increase security measures and security options on their accounts so they can try to avoid this in the future.

Facebook Security and Privacy Issues

http://www.foxnews.com/story/0,2933,353121,00.html

Above I have posted a link to a cyber security article about the security risks and privacy issues people may encounter while using social media websites, such as Facebook, Myspace, Twitter, etc. Many individuals that use Facebook feel safe and secure because they have their profiles set to the privacy setting and, therefore, believe that nobody could access any or all of their personal information and data. However, this is untrue because, whenever a user decides to download an application on Facebook, they are allowing its developers to view all of their access information. This causes a problem though: since it poses several privacy issues, all of Facebook’s users are having all of their information looked at and are now getting targeted based on that information. Also, people are going to have a false sense of safety while using social networks, when really they are actually facing several security risks without even knowing it. In my opinion on this topic, individuals using social media websites are being taken advantage of and are now going to be potential victims of cyber security crimes and computer viruses, and I believe that the best thing that people can do to stay protected is to not post any personal information out onto the web that can lead to potential endangerment.