At least it’s easier to understand than the prompt from Facebook asking me to accept and open my connections which I saw a few weeks back. To manage your privacy on Facebook, you will need to navigate through 50 settings with more than 170 options. I’m starting to seriously consider switching to the next best
[Update: according to Neil Rubenking, FB chat is now working again and it's no longer possible to view friend requests or chat activity for other users.] I've just blogged yet again about Facebook and privacy: I don't usually publish the same content on different blog sites, but this is a recurrent hot topic in the ThreatBlog,
…but not in a good sense. Clearly there's a lot of confusion about the detail of Facebook's latest changes, as suggested by MSNBC at http://www.msnbc.msn.com/id/36877160/ns/technology_and_science-tech_and_gadgets/, though it's clear enough that they don't amount to a victory for common sense and user privacy. But what do you do about it? Well, here's a good start. Social Media
Wow. File this under ‘how stupid thoughtless can any one person in a position of absolute power be…’ One school official abuses the built-in webcam access used with anti-theft software [legal malware] which they had packaged onto school laptops… to their own detriment. What sparked the discovery was Assistant Principal Lindy Matsko's assertion in early November that
My assessment is that this could be a strong leap forward in support of Community Driven Open Source Privacy. Another assessment is that if corporate decision makers aren’t incentivized either internally by a supportive Corporate Culture or externally by regulation, getting the entire grip on cybersecurity is going to be difficult if not impossible. One final assessment is that this gap is crying out for a Cybersecurity / Personal Data Security BBB-type organization’s seal of approval to provide comfort to those who frequent the business. The hard question comes into how scalable this could be.
The Internet is abuzz with the announcement from Verisign’s iDefense Labs that a criminal hacker on a Russian forum who goes by the nom-de-plume "Kirllos" (Carlos?) is selling the credentials for 1.5 million Facebook accounts in batches of a thousand for between $8 and $30, depending upon their quality (which, in this case, means dates
Is online privacy with Facebook technologically agnostic or can different rules apply if you post with your iPhone or other Smartphone? Are early adopters somehow compromised with their mobile device usage? Can a social media company make money while adopting user-driven privacy which impacts their revenue potential and shareholder value?
Clearly, anything which is posted online should be assumed to be eternal, written in stone tablets, and admissible for all time. For the early adopter (Internet, blogger, Friendster, etc.) this also operates as a reminder of the ever-powerful TOS change: just because the terms of service (TOS) say that your content is private now never
About a month ago I gave a presentation in Kuala Lumpur that covered some of the concerns about the seemingly enthusiastic rush to push everything out "to the cloud". People in the Marketing business love the term "cloud computing" and have come up with some lovely images of fluffy clouds reflected on office blocks and
Recently Eric Schmidt, the CEO of Google, said in an interview “If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place”. There are a variety of circumstances in which a person would want some degree of privacy for perfectly legitimate reasons. If a person
[Update: I had a couple of machine crashes while I was writing this, and only just realized that a pointer to Allan Dyer's excellent article at http://articles.yuikee.com.hk/newsletter/2009/12/a.html hadn't survived to the final version. Which is a pity, because it's very relevant, and well worth reading.] Over the weekend, I posted a blog on the AVIEN site
This blog is a bit of an oddity. ESET UK were approached by Dan Damon, a reporter putting together a piece about “the complications of a digital world when someone passes away”, asking if there was someone at ESET who would be interested in being interviewed for BBC1 radio on the subject. The request got
I was speaking with our friend David Perry at Trend Micro about the insecurity of social networking services and what steps users could take to strengthen their security online. In the course of our conversation, we came up with a list of simple steps you could take to better protect yourselves. Be careful about whom you
Perhaps I imagined it, but a few days ago when I allowed Firefox to update to fix security vulnerabilities my privacy settings were reset to less private settings. I had Firefox set to clear the history on exit, and prompt me. I also had it set not to accept third party cookies. After the upgrade
As I previously pointed out http://www.eset.com/threat-center/blog/2009/08/04/calling-adobe%E2%80%99s-bluff, Adobe is at best deceptive about claims of the security and privacy of Flash. Even if you do not know what flash is or how to find it, you probably have it on your computer. If you open control panel and go to the “add or remove programs” application
Dear Adobe, It is time to put up or shut up. Your web site FAQ http://www.adobe.com/products/flashplayer/security/privacy_policy/faq.html has the following entry: Does Flash Player compromise my privacy and security? No. Flash Player is not only the most widely distributed piece of software on the Internet today, it’s also one of the most secure. Given that Flash
Back in January I blogged about a shortcoming of HIPAA. HIPAA legislation is, in part, supposed to help protect our privacy when dealing with health care providers. Unfortunately there is a hole in the legislation that you can fly a Boeing 747 through. May of us have to log on to a web site to
If sensitive information is stored on your hard drive (and if you don’t have -something- worth protecting on your system, you’re probably not reading this blog…), protect it with encryption. Furthermore, when you copy or move data elsewhere, it’s usually at least as important to protect/encrypt it when it’s on removable media, or transferred electronically.
Don’t disclose sensitive information on public websites like FaceBook or LinkedIn. Even information that in itself is innocuous can be combined with other harmless information and used in social engineering attacks. Rather than expand on that point, for now, I’m going to point to another "10 ways to protect yourself" resource: the more good advice