Posts Tagged ‘social media’

Here’s a cool/creepy thing to keep in mind … when you post to social media or take photos with your phone, it is entirely possible that your laptop or mobile device is also adding location data to your work. This could be a very useful feature if where you are adds context to your posting, such as where you were when you took that awesome shot of the sunset over the ocean (which ocean? which beach? what season?), or if you just tweeted about a great slice of pizza and others may want to know where so they can get one too.

On the other hand, if you weren’t aware that this information was being captured and made available for all to see, you might not think it was such a great idea. For instance, you could be passing time in a doctor’s waiting room tweeting about last night’s game and not realize that you’ve just told the world that you have a medical problem of a somewhat sensitive nature.

For a real-world example of this, I used a tool at http://teachingprivacy.icsi.berkeley.edu:8080/#project to view the comings and goings of one of the giants of the IT world. I’ve redacted his actual Twitter handle out of respect for his privacy, but what I found was publicly available information that anyone could easily obtain. The screenshots below reveal what I found with just a few clicks …

[Screenshot: TwitterTrack1]

As you can see, our subject is quite the world traveler, but he spends most of his time on the West Coast.

[Screenshot: TwitterTrack2]

Zooming in on the red “hot spot” from the previous image shows that he is probably based in Silicon Valley.

[Screenshot: TwitterTrack3]

Zooming in further still shows a Google map with one of the tweets coming from a urologist’s office.

Maybe he was just there to work on their computers but, still, it’s probably not what he had in mind to blast out to the Twitterverse when he wrote that tweet.

A similar bit of stalker magic is available from WeKnowYourHouse.com, which correlates tweets using the words “home,” “house,” etc. with the geolocation from Twitter to assert, with reasonable confidence, that you live at the following address …

[Screenshot: WeKnowYourHouse]

Pretty creepy, huh? Consider yourself forewarned and double-check those settings to make sure that you aren’t guilty of revealing TMI…

Here’s a link to a short, 15-minute video on the subject of “Social Media Threats” that I did today for Hacker Hotshots. I had to step out of a customer workshop and use my iPad for the web cast so the lighting and camera angle are far from ideal but, hopefully, you will at least get an idea of what’s out there waiting for you on the Interwebs…

I’ve posted a video of the full presentation I gave in Munich earlier this year on social media threats but now if you want the abbreviated format, please join me at Hacker Hotshots on Thursday, July 18, at noon (EDT) for a short web cast.

Here’s a link to the web site where you can register:

http://www.concise-courses.com/infosec/20130718/#

One of my favorite quotes is “if you aren’t paying for it, you are the product, not the customer.” The reason I like it is that it very succinctly and accurately describes the relationship we as end users have with many of the online services we have come to rely on ranging from email to social media.

We don’t pay for Gmail accounts or Facebook accounts or LinkedIn accounts, so that means we are the products, not the customers, of these services. So what happens if your account gets hijacked and you need a way to take back control? Can’t you just call customer service and have them restore things as they should be? Not really, and that’s because products don’t get to complain — customers do.

So, what can you do to get your account back? One thing is to do some work up front that will make the need less likely and, failing that, make recovery less painful.

One bit of prevention is to make sure you choose a strong password.

Another is to set up two-factor authentication for your account (assuming the service provider supports this — Google and Facebook do, for instance) so that if anyone tries to log in from a new, untrusted device a code will be sent to your mobile phone via SMS (as one example) which must then be entered in order to complete the login process. This way an attacker would not only have to steal your password but also your phone in order to break in. Not impossible, but certainly harder.

Still another precaution you can take is to leverage Facebook’s new “Trusted Contacts” feature which lets you designate 3 to 5 friends who can then be leveraged to provide you with a security code to get back into your account. It’s sort of like giving parts of spare keys to your neighbors so that they can help you get back in if you lock yourself out.

Since the service is brand new there’s no telling just yet how well it will work but it certainly sounds promising. Here’s a good article from PC World that goes into more detail, if you’re interested …

http://www.techhive.com/article/2037098/facebooks-trusted-contacts-lets-friends-bail-you-out-of-a-hack-attack.html#tk.nl_today

Here’s an article from the Greater Wilmington Business Journal covering the keynote I gave on social media threats yesterday at the Wilmington IT eXchange.

http://www.wilmingtonbiz.com/industry_news_details.php?id=5198

Thanks to the 130 or so people who came out and packed the house, and a special thanks to Dr. Tom Janicki and Dr. Bryan Reinicke for the invitation to speak and hospitality while I was there.

Wilmington IT eXchange

Posted: February 25, 2013 in Uncategorized

I’ll be doing the keynote presentation at the Wilmington (NC) IT eXchange and Conference on April 9, 2013. The annual event will be held on the campus of UNC Wilmington and led by Dr. Tom Janicki and other faculty.

My talk will be about Social Media Threats and will kick off what should be an interesting afternoon of elective learning sessions, exhibits by vendors and UNCW students and professional networking. Hope to see you there …

NCSU TechTalk

Posted: February 18, 2013 in Uncategorized

I’ll be doing a TechTalk on social media threats at NC State University for the local chapters of the Association of Computing Machinery (ACM) and the Association of Information Technology Professionals (AITP) on Tuesday, Feb 26, at 6:00 pm.

The event is open to the public and details can be found here. Hope to see you there …