Time and time again security experts warn you not to share your password with anyone, yet sites like Facebook are always encouraging you to give them the password of an account that is not a Facebook account… your email account. You’ve probably seen the screen shot below on your Facebook friends page. It is asking
The survey asked just two questions:
1. Does your organization have a formal/written social media acceptable use policy?
2. What level of access does your organization allow to each of the following social media sites: Twitter, Facebook, YouTube, LinkedIn, Blogs, and Other?
You might recall back in November of 2009 ESET released the findings of a survey about cybercrime http://www.eset.com/threat-center/blog/2009/11/16/once-upon-a-cybercrime%E2%80%A6. We went back to Competitive Edge Research & Communication and commissioned them to conduct a new survey to determine prevalence of social networking as well as to identify online security and privacy concerns of Americans. In addition
…but not in a good sense. Clearly there's a lot of confusion about the detail of Facebook's latest changes, as suggested by MSNBC at http://www.msnbc.msn.com/id/36877160/ns/technology_and_science-tech_and_gadgets/, though it's clear enough that they don't amount to a victory for common sense and user privacy. But what do you do about it? Well, here's a good start. Social Media
In response to questions I heard this weekend from friends of mine about the ‘big picture’ relevance of the 1.5 million Facebook accounts compromised, I referred back to last month’s FBI speech from Dep. Asst. Dir. Chabinsky: “Don't be surprised if a criminal compromises your or one of your colleague's personal social networking accounts to
The Internet is abuzz with the announcement from Verisign’s iDefense Labs that a criminal hacker on a Russian forum who goes by the nom-de-plume "Kirllos" (Carlos?) is selling the credentials for 1.5 million Facebook accounts in batches of a thousand for between $8 and $30, depending upon their quality (which, in this case, means dates
Earlier this month, we reported on the massive new Koobface campaign making the rounds through Facebook and how it tricked users into downloading and running it through that tenet of social engineering, the fake codec. We now have a video showing how the Koobface worm tricks users into running it: NOTE: The audio is not
The Apple iPad is the current gadget du jour amongst the digerati and has been seeing strong presales, with estimates as high as 150,000 units on the first day. With such attention in the media and the blogosphere, it is no wonder that both legitimate businesses and scammers have taken to using it as bait
[Part 6 of an occasional series, updating a blog series I ran in early 2009 to reflect changes in the threat landscape. This series will also be available shortly as a white paper.] Social Networks Can Be Very Anti-Social Don’t disclose sensitive information on websites like Facebook or LinkedIn if you can’t be sure that you
OK, I'll save the novel for another time. However, there's a rather less ambitious snippet of my recent writing at http://www.eurograduate.com/article.asp?id=3015&pid=1, an article called "Fact, Fiction and the Internet," which, further to some of my recent posts here, touches on the dangers of social networking. Though you might think that someone with as many Twitter
Social networking sites have become living biographies of people and may set them up for social engineering attacks. From time to time I enjoy looking to see what I can find out about people who send questions to me using the AskESET@eset.com address. I won’t ever name names, but I wanted to share one example.
"Now may I suggest some of the things we must do if we are to make the American dream a reality. First, I think all of us must develop a world perspective if we are to survive. The American dream will not become a reality devoid of the larger dream of brotherhood and peace and
As reported at http://www.eweek.com/c/a/Security/Twitter-XSS-Vulnerability-Still-Wide-Open-Developer-Says-433005/, a researcher has found a cross-site scripting vulnerability that affects Twitter. The researcher claims that by exploiting this he could gain access to the Twitter accounts of anyone who views his specially crafted tweets. The explanation of the problem is a bit techie, but there is a very key point
I was speaking with our friend David Perry at Trend Micro about the insecurity of social networking services and what steps users could take to strengthen their security online. In the course of our conversation, we came up with a list of simple steps you could take to better protect yourselves. Be careful about whom you
As I write this, Twitter, the popular social networking site, is experiencing a distributed denial of service attack. I do not know where the attacks are originating from, or the reason, but it occurs to me there may be hell to pay. So what motives? Perhaps the bad guys are upset that Twitter has recently
How secure is your Social Security Number? If your answer is "Very: I only ever give it to organizations who are entitled to know it", that may not be as safe as it sounds. Of course, there are a couple of fairly generic issues: some legitimate, convenient organizations may ask for it who are, nevertheless,
I just read a startling news story about how someone didn’t understand what NOT to post on Facebook. The article titled “British spy chief’s cover blown on Facebook” tells how the wife of Sir John Sawers put up way too much information on Facebook. You can read the story at http://tech.yahoo.com/news/nm/20090706/tc_nm/us_britain_mi6. You don’t have to
The news broke a short time ago that pop star Michael Jackson died of a heart attack. It is all too predictable that the bad guys will use this news event to spam out fake videos or links to alleged pictures in order to trick users into installing their malicious software. If you receive an
It’s often claimed that men think about sex every seven seconds. Sorry, where was I? Oh yes… I’m not sure where that pseudo-statistic comes from: apparently not from the Kinsey report as is often claimed, and a more recent poll, while reflecting perhaps more liberated views about sexuality than could be admitted to in the
The City of Bozeman, Montana effectively joined the ranks of phishers when they asked job candidates for their usernames and passwords for social networking sites that the applicant belongs to. In a report at , after considerable outcry the city rescinded its mindless policy. To begin with, the city was asking applicants to breach their