Posts Tagged ‘social media’

Here’s a cool/creepy thing to keep in mind … when you post to social media or take photos with your phone, it is entirely possible that your laptop or mobile device is also adding location data to your work. This could be a very useful feature if where you are adds context to your posting, such as where you were when you took that awesome shot of the sunset over the ocean (which ocean? which beach? what season?), or if you just tweeted about a great slice of pizza and others want to know where so they can get one too.

On the other hand, if you weren’t aware that this information was being captured and made available for all to see, you might not think it was such a great idea. For instance, you could be passing time in a doctor’s waiting room tweeting about last night’s game and not realize that you’ve just told the world that you have a medical problem of a somewhat sensitive nature.

For a real-world example of this, I used a tool at to view the comings and goings of one of the giants of the IT world. I’ve redacted his actual Twitter handle out of respect for his privacy, but what I found was publicly available information that anyone could easily obtain. The screenshots below reveal what I found with just a few clicks …



As you can see our subject is quite the world traveler but he spends most of his time on the West Coast.









Zooming in on the red “hot spot” from the previous image shows that he is probably based in Silicon Valley.








Zooming in further still shows a Google map with one of the tweets coming from a urologist’s office.





Maybe he was just there to work on their computers but, still, it’s probably not what he had in mind to blast out to the Twitterverse when he wrote that tweet.

A similar bit of stalker magic is available from which correlates tweets using the words “home,” “house,” etc. with the geolocation from Twitter to assert, with reasonable confidence, that you live at the following address …


Pretty creepy, huh? Consider yourself forewarned and double-check those settings to make sure that you aren’t guilty of revealing TMI…
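For photos, one way to check whether a file carries embedded coordinates before you post it is to look for the GPS block in its EXIF metadata. The following is an added example, not part of the original post; it reads only the latitude/longitude tags, and the sample image bytes and function names are constructed for illustration:

```python
import struct

def _ifd(tiff, off, e):
    # Map tag -> raw 4-byte value/offset field for the IFD at `off`.
    (n,) = struct.unpack(e + "H", tiff[off:off + 2])
    out = {}
    for i in range(n):
        ent = tiff[off + 2 + 12 * i:off + 14 + 12 * i]
        out[struct.unpack(e + "H", ent[:2])[0]] = ent[8:12]
    return out

def _gps_from_tiff(tiff):
    e = "<" if tiff[:2] == b"II" else ">"          # TIFF byte order
    ifd0 = _ifd(tiff, struct.unpack(e + "I", tiff[4:8])[0], e)
    if 0x8825 not in ifd0:                         # 0x8825 = pointer to the GPS IFD
        return None
    gps = _ifd(tiff, struct.unpack(e + "I", ifd0[0x8825])[0], e)
    if not set(gps) >= {1, 2, 3, 4}:               # LatRef, Lat, LonRef, Lon
        return None
    def coord(ref_tag, val_tag):
        (off,) = struct.unpack(e + "I", gps[val_tag])
        d = struct.unpack(e + "6I", tiff[off:off + 24])   # deg, min, sec rationals
        deg = d[0] / d[1] + d[2] / d[3] / 60 + d[4] / d[5] / 3600
        return -deg if gps[ref_tag][:1] in (b"S", b"W") else deg
    return coord(1, 2), coord(3, 4)

def exif_gps(jpeg):  # (lat, lon) in decimal degrees, or None if no GPS tags
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        (seglen,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        body = jpeg[pos + 4:pos + 2 + seglen]
        if jpeg[pos + 1] == 0xE1 and body[:6] == b"Exif\x00\x00":
            return _gps_from_tiff(body[6:])
        if jpeg[pos + 1] == 0xDA:                  # image data starts; stop scanning
            break
        pos += 2 + seglen
    return None

def sample_jpeg():
    # Constructed bytes: SOI + one EXIF segment (10 deg 30' N, 20 deg 15' W) + EOI.
    def ascii_entry(tag, ch):
        return struct.pack("<HHI4s", tag, 2, 2, ch + b"\0\0\0")
    gps = (struct.pack("<H", 4) + ascii_entry(1, b"N") + struct.pack("<HHII", 2, 5, 3, 80)
           + ascii_entry(3, b"W") + struct.pack("<HHII", 4, 5, 3, 104) + b"\0" * 4
           + struct.pack("<6I", 10, 1, 30, 1, 0, 1) + struct.pack("<6I", 20, 1, 15, 1, 0, 1))
    tiff = b"II" + struct.pack("<HI", 42, 8) + struct.pack("<HHHII", 1, 0x8825, 4, 1, 26) + b"\0" * 4 + gps
    body = b"Exif\0\0" + tiff
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(body) + 2) + body + b"\xff\xd9"
```

Run `exif_gps(open(path, "rb").read())` on a photo of your own; a non-`None` result means the coordinates travel with the file unless the camera setting is turned off or the metadata is stripped before sharing.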

Here’s a link to a short, 15-minute video on the subject of “Social Media Threats” that I did today for Hacker Hotshots. I had to step out of a customer workshop and use my iPad for the web cast so the lighting and camera angle are far from ideal but, hopefully, you will at least get an idea of what’s out there waiting for you on the Interwebs…

I’ve posted a video of the full presentation I gave in Munich earlier this year on social media threats but now if you want the abbreviated format, please join me at Hacker Hotshots on Thursday, July 18, at noon (EDT) for a short web cast.

Here’s a link to the web site where you can register:

One of my favorite quotes is “if you aren’t paying for it, you are the product, not the customer.” The reason I like it is that it very succinctly and accurately describes the relationship we as end users have with many of the online services we have come to rely on ranging from email to social media.

We don’t pay for Gmail accounts or Facebook accounts or LinkedIn accounts, so that means we are the products, not the customers, of these services. So what happens if your account gets hijacked and you need a way to take back control? Can’t you just call customer service and have them restore things as they should be? Not really, and that’s because products don’t get to complain — customers do.

So, what can you do to get your account back? One thing is to do some work up front that will make the need less likely and, failing that, make recovery less painful.

One bit of prevention is to make sure you choose a strong password.

Another is to set up two-factor authentication for your account (assuming the service provider supports this — Google and Facebook do, for instance) so that if anyone tries to log in from a new, untrusted device a code will be sent to your mobile phone via SMS (as one example) which must then be entered in order to complete the login process. This way an attacker would not only have to steal your password but also your phone in order to break in. Not impossible, but certainly harder.

Still another precaution you can take is to leverage Facebook’s new “Trusted Contacts” feature which lets you designate 3 to 5 friends who can then be leveraged to provide you with a security code to get back into your account. It’s sort of like giving parts of spare keys to your neighbors so that they can help you get back in if you lock yourself out.

Since the service is brand new there’s no telling just yet how well it will work but it certainly sounds promising. Here’s a good article from PC World that goes into more detail, if you’re interested …

Here’s an article from the Greater Wilmington Business Journal covering the keynote I gave on social media threats yesterday at the Wilmington IT eXchange.

Thanks to the 130 or so people that came out and packed the house and a special thanks to Dr. Tom Janicki and Dr. Bryan Reinicke, for the invitation to speak and hospitality while I was there.

Wilmington IT eXchange

Posted: February 25, 2013 in Uncategorized


I’ll be doing the keynote presentation at the Wilmington (NC) IT eXchange and Conference on April 9, 2013. The annual event will be held on the campus of UNC Wilmington and led by Dr. Tom Janicki and other faculty.

My talk will be about Social Media Threats and will kick off what should be an interesting afternoon of elective learning sessions, exhibits by vendors and UNCW students and professional networking. Hope to see you there …

NCSU TechTalk

Posted: February 18, 2013 in Uncategorized

I’ll be doing a TechTalk on social media threats at NC State University for the local chapters of the Association for Computing Machinery (ACM) and the Association of Information Technology Professionals (AITP) on Tuesday, Feb 26, at 6:00 pm.

The event is open to the public and details can be found here. Hope to see you there …

Here’s the video stream (with slides) of the keynote address I gave at last month’s OOP 2013 conference in Munich on the subject of Social Media threats and how they relate to key Identity Management issues involving authentication.

OOP 2013 Keynote - Munich, 22 Jan 2013



In case anyone is interested, I’ll be doing three presentations at the upcoming InfoSec World 2013 conference in Orlando, FL, April 15-17.

This will be the 8th year that I’ve presented at the conference dating all the way back to my first appearance in 1999. The folks at MIS Training Institute that run this event always do a great job so I’m looking forward to yet another interesting event where I’ll, hopefully, get to meet some of you and hear about the latest hacking techniques from the other presenters.

I’ll be presenting the following topics which you can read about in the conference brochure.

  • “Creating an End-to-End Identity Management Architecture”
  • “Federated Identity Management”
  • “How Secure Are We? Identity Management and Social Networking Threats”

By the way, the brochure has different speakers listed for the first session listed above but I’ve been asked to fill in for the original cast.

Hope to see you there!




Posted: October 30, 2012 in Uncategorized

I will be presenting at the Object Oriented Programming 2013 conference in Munich on January 22 on the subject of Social Media security and privacy threats and Identity Management. Here’s the link to the event’s web site (click on the British flag in the top right corner for English):



In preparation for the conference, I also did an interview with Matthias Bohlen, which introduces the topic and gives a taste of what I will be covering in the talk. The podcast can be downloaded for free from iTunes at:




Hope you find it interesting and if you’re going to be in Munich at that time, please stop by the session and say “hi.”