Privacy And The People

So people complained… and the rules were changed. This is all about Facebook and their change of rules as to who owned the uploaded content – and the change back again to enable people to delete things they have changed their minds about. While this appears to be the answer to our privacy and copyright fears, people should realise that once their information is on the web – it will, most probably, be out there forever… whether they like it or not.

I applaud Facebook’s openness on their policy but let’s not forget the various search engines that crawl the various sites and then cache the content (even after it’s gone from the original site), or the fact that it is so simple to copy an image and repost it elsewhere.

So, if there are things you would prefer not to put into the public domain – don’t post them on the Internet… not even for a minute… because someone or something will have taken a copy and who knows what will happen to it then – one thing is for sure, it won’t be forgotten or deleted.

(If you haven’t already visited the Internet Archive, then you should… it’s interesting to look back – and also shows what is kept!)

All Twittered Out?

So, now Twitter has been targeted by the hackers and the phishers… are we surprised? No, of course not. Remember phishing is like an arms race and the first to implement an idea will win the battle (but not the war). We had a similar issue at the end of last year with cyber-criminals targeting social networking sites and just as that has gone off the boil, they have moved on to Twitter – that will reduce and then we will be onto the next thing… probably dedicated photo sharing sites, after that, well who knows. One thing is for sure, it will happen – where there are people there is money to be made. The more people, the more money.

It can be tough to spot a rogue URL when it purports to have been sent by a ‘friend’ but we need to continue to be vigilant and raise awareness. So, if you do follow a link and end up at a site that asks you to install something – don’t. If it asks you to confirm your username and password – don’t.

If your organization has a regular security education bulletin that goes out to staff then make sure this is included as one of the latest scams – if you don’t have regular bulletins, then send out a special one to remind people that these scams are doing the rounds and to be careful.

While we often think that social networking sites and other Web 2.0 collaboration tools are used by individuals rather than companies, the truth is that they are often visited while at work and you really don’t want your work systems compromised any more than you would like your home PC to be.

Who Did That?

Bharrat Jagdeo, the president of Guyana has asked police to find out who has put up a Facebook site masquerading as him… I have written about the troubles of impersonation on social networking sites on several occasions before and the problem is that this is only going to get worse.

“On the Internet no-one knows you’re a dog”… and the same is true today, it’s just today not only may you be a dog, but you also could be impersonating someone else. This has been true for a long while and so cracking down on chat rooms has been somewhat of a priority. However, we may now see renewed interest as the impersonators move to government officials and celebrities and more legislation and technology comes into being to prevent it from happening (quite so easily). Think of a celebrity and put it into any social networking site and it will return with multiple entries… OK, so if you are looking for John Smith then you will find many hundreds or thousands of entries but the same is true for celebrities with more unique names. Herein lies the problem… your name is not you. You might think that it is, and unfortunately your friends might think that it is – but it isn’t. Anyone could have the same name or, if they really wanted to, change their name to be the same as yours.

There have been a number of relatively low profile cases against impersonators and hoaxers using social networking sites as their means to an end, but this will no doubt get worse before it gets better. 2009 with its gloomy economic outlook may well be the time when fraudulent use of other people’s reputation takes off. In the mean time, you should keep an eye on your on-line profile and the associated reputation and double check that what has just arrived from ‘a friend’ really has come from the person you thought it was – just to make sure that it doesn’t come back to bite you.

Tis The Season To Be… Careful

Our old friend Koobface is back – just as ugly as ever. This is a browser-based attack and is targeting Facebook users. It works like this… the cyber-criminal hacks a page on a social networking site and effectively sends the ‘friends’ a message saying they should visit a link (for a movie in this case)… the friend visits the link and is asked to install something in order to see the movie (or pictures or anything really). Because it came from a ‘friend’ they do and that’s the machine infected. 1-0 Cyber-criminals.

What to do? Well, it’s simple really – don’t install stuff when you really don’t know where it’s coming from. If it says it’s from Adobe or Microsoft, then go to their websites to download it, don’t just click the link – just in case.

But hey, this is aimed at end-users, should I worry at work? YES. Many employers allow their employees to access Facebook so it would be a work machine that is infected… and the chances are there is a lot more of interest to a cyber-criminal on a work machine than a home one. So… send out an email to employees today – warn them of the problem and how to protect themselves at work and at home.

Ensure that your anti-virus, anti-phishing and anti-malware software is up to date. The holidays are a lucrative time for cyber-criminals as they know people want to see pictures and grab a bargain – so protect yourself… Today.

You’re My Best Friend… Please Send Money

The old Nigerian 419 scam has been brought into the 21st Century with the aid of social network sites. The scam is basically the same, send me money and I will give it back to you. However, the twist is that the cyber-criminals are hacking into social networking accounts and sending the messages from there…

So… if you have a ‘friend’ and they are asking for money – check that they are who they say they are before you do something you will regret. It is all too easy to get caught up in the moment and do something rash – like give away your credit card or bank details…

When Helpful Doesn’t Help

There is a new hack in town (well, it will be in Las Vegas next week) and it’s simple – create a file that looks like one thing to one application and something else to another. File types have always been helpful to the OS: they mean that you can ‘click’ on a file and it knows what application to use to open it. In this case, this ‘feature’ is what is being used as the exploit.

Here they have created a file which looks like an innocuous GIF to a web server but is actually a Java applet. The ‘image’ is downloaded but then run by the browser as it thinks it is an applet – result… your machine has just been compromised.

Because it looks like an image, it can be readily uploaded to any and all sites which allow such things (by checking that the upload is a picture), mainly social networking sites – once there, it can then be downloaded by others (who think it is an image) and therefore the infection spreads…

You need to pay a little more attention to what you are downloading – perhaps those latest pictures of Britney are less attractive now?
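
An upload check that only confirms a file starts like a picture misses this kind of file: a Java archive is a ZIP file, which is read from its end, while a GIF is read from its start. The following Python check is an added example, not code from the original post; it walks the GIF structure to its trailer byte and rejects any upload that carries extra data after it. The function names and sample bytes are constructed for illustration.

```python
# Constructed sample: a minimal 1x1 GIF (35 bytes), not taken from the page.
TINY_GIF = bytes.fromhex(
    "474946383961" "01000100800000" "ffffff000000"
    "2c000000000100010000" "02024401" "00" "3b")
# Constructed test input: the GIF followed by an empty ZIP archive
# (a bare 22-byte end-of-central-directory record).
SAMPLE_POLYGLOT = TINY_GIF + b"PK\x05\x06" + bytes(18)

def _skip_sub_blocks(data, p):
    while data[p] != 0:              # each sub-block: length byte + payload
        p += 1 + data[p]
    return p + 1                     # step over the zero-length terminator

def gif_end_offset(data):
    """Walk the GIF block structure; return the offset just past the trailer."""
    if data[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("bad magic")
    pos = 13                         # 6-byte header + 7-byte screen descriptor
    if data[10] & 0x80:              # global colour table present
        pos += 3 * (2 << (data[10] & 0x07))
    while True:
        kind = data[pos]
        if kind == 0x3B:             # trailer: the image ends here
            return pos + 1
        if kind == 0x21:             # extension: introducer, label, sub-blocks
            pos = _skip_sub_blocks(data, pos + 2)
        elif kind == 0x2C:           # image descriptor (10 bytes)
            packed = data[pos + 9]
            pos += 10
            if packed & 0x80:        # local colour table present
                pos += 3 * (2 << (packed & 0x07))
            pos = _skip_sub_blocks(data, pos + 1)   # +1: LZW code-size byte
        else:
            raise ValueError("unknown block")

def check_gif_upload(data):
    """Return 'ok' or a rejection reason for an upload claimed to be a GIF."""
    try:
        end = gif_end_offset(data)
    except (ValueError, IndexError):  # wrong magic, bad block or truncated file
        return "reject: not a well-formed GIF"
    if end == len(data):
        return "ok"
    if b"PK\x05\x06" in data[end:]:  # ZIP end-of-central-directory signature
        return "reject: ZIP/JAR archive after GIF trailer"
    return "reject: trailing bytes after GIF trailer"
```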

Halt. Who Goes There?

Reputation – both made and lost in cyberspace. A man is suing a ‘friend’ for allegedly setting up a fake Facebook account with incorrect and damaging details on. Herein lies the problem – it is so easy to do. You don’t need any proof of identity to set up a web page on any of the social networking sites, so you can frame anyone and everyone if you really want to.

I have written before on whether you should or shouldn’t join social networking sites – if only to ensure that others can’t impersonate you – as well as on other forms of impersonation on the Internet. But… let’s face it, these things are popping up all over the place, OK, so there are a few really popular ones, but you could never cover them all. The problem is that a damaged reputation can take years to recover if you are a company, and sometimes never recovers if you are an individual – as there is always a nagging doubt.

We don’t have any specific legislation to cover this issue and I’m not sure if any of the legislation we have that skirts the topic (impersonating others) can be brought to bear as it is not being done for personal gain. Perhaps libel – but then again the site is purporting to be ‘you’ rather than someone else saying defamatory things about you. I would welcome any other people’s thoughts in this rather grey area.

Perhaps it is time for social networking sites to grow up, after all their success is based on accuracy – the person you find, is the person you know. It looks like this is another example supporting the decline in Implicit Trust.

Where’s The Boundary?

A man has been accused of stealing clients using LinkedIn. In this instance, the person involved is a recruiter and he allegedly ‘linked’ to clients while working at one company and then left to start a rival firm – with his contacts from LinkedIn.

Is this data theft? Or is this something that people used to do all the time but because it wasn’t on the ‘web’ people couldn’t find out about it? I think it is the latter. We all create contacts while at work, and some are more organized than others and file them, others, like myself, have a large pile of business cards with notes on them. I guess that if you are a recruiter, you too would have a large pile of business cards – and if you invite people on LinkedIn, well, isn’t that also something we all do?

Should companies look at banning LinkedIn, in the same way as they did with Facebook? Only to find it wasn’t practical, people would spend more time finding a way around the system, than they would using it – so we have seen a reverse of this trend. So, no, it shouldn’t be banned. Should it be subject to (yet another social networking) policy? Something that defines the boundary between work and not-work. Perhaps… but I would think that people would just add the contacts while at home. I don’t think you can be banned from doing that after all it’s what LinkedIn is all about – keeping up with friends and colleagues in a business context. Maybe companies need to create their own ‘company’ LinkedIn accounts – so that, if nothing else, they have a copy of the information as well.

The way to look at this is that when someone new joins your company, they bring with them their contacts – rather than when they leave, they take them away.

Do You Join… Or Not

I seem to have been inundated with requests to join a new ‘Business Social Networking’ service. It appears that quite a few people I know have joined up… they have then had their address book savaged and emails sent to everyone they know. So… here’s the dilemma, do you sign up or not? I belong to one business social networking site already, do I really need another?

I think the answer is no – I don’t need another, especially as the one I belong to is well established and does what I need it to (basically keep email addresses up to date - people change jobs all the time, so keeping up with a valid address can be a real task.) Having said I don’t need to sign up to another service, I have joined this new one… why? Just so no-one else can join as ‘me’. I have posted my picture but that is all – and I didn’t let the system look through my address book!

Internet based reputation is just around the corner but it isn’t here yet – and when it does arrive it needs to be guaranteed and user friendly. In the mean time, if someone has put my details out on the web and I need to have an account to correct them, or to keep someone else from signing up as me, then I will. This isn’t foolproof, far from it, there are so many ‘free’ email providers, social websites and the like, if you want to be someone else, it is very easy to do, perhaps a little too easy?