advice and tips for using social media safely. 9ic9i 9ic9i its not really
TRANSCRIPT
How to stay safe online!
Advice and tips for using social media safely
It’s magic! https://
www.youtube.com/watch?v=F7pYHN9iC9I
It’s not really magic, it’s all online
Image from: http://blog.whitehatsec.com/introducing-the-i-know-series/
Identity Theft
Physical Theft/Burglaries
Sexual Predators and Stalkers
Spam and Malware
Reputation and Employment
Concerns
Privacy settings
Over Sharing
Location based data/GPS tagging
Reasons
Identity Theft
“Free” services online, make their money by selling you to third parties◦ Because of this, privacy settings by default are
almost completely open You should limit your profile to only be able
to be viewed by friends Facebook has ~170+ privacy settings,
scattered throughout several pages
Privacy Settings
Anytime that you install an app, it asks you to allow it a multitude of different permissions
Even if you lock your profile down, you can still be making everything freely available to apps
A great example of this is at http://www.takethislollipop.com
Apps
The idea of a social network is to gather friends, just make sure that you only accept requests from people you actually know
Accepting unknown people as friends is giving your information away just like granting apps permission
Once they have your information they can target you in spear-phishing emails and other forms of spam
Friend Requests
We constantly preach about not using the same password on multiple sites, but using the same user name can be just as bad
Programs like LastPass and Keepass can store your information for you in a central location
Remember the HB Gary Federal hack last year?◦ The CEO used the same user name and password
across multiple systems
Passwords and User Names
It sounds silly, but don’t take a picture of your credit card and post it online
https://twitter.com/needadebitcard◦ Was created to “shame” people who did just that
Remember, if it sounds too good to be true, it most likely is
Don’t make it easy
What are some good ways to effectively manage privacy settings?
There are apps out there that can help! You do, however, need to be careful about
what apps you choose, so you don’t fall in to what we’ve already talked about
Either verify that the author/creator of the app is a trustworthy source, or just do a Google search for reviews
If you can’t find anything easily, it’s likely not a good program
How can I process all of this?
Privacy Fix installs as an app in your web browser (Firefox and Chrome), it then scans your privacy settings in Facebook and also in your Google account if your logged in to them
It provides you easy ways to “fix” open privacy settings, but does it in a way to teach you
http://privacyfix.com
Privacyfix.com
Is an app in Facebook, created by F-Secure Scans links in your private messages, and
on your wall Allows you to scan links for safety before
you post them on your wall
ShareSafe
Physical Theft/Burglaries
Don’t invite them in
Can anyone give an example of why tagging photos with GPS location data is a bad idea?
Don’t post dates of when you are leaving and coming back from vacation.
Wait until after you get back to post pictures Turn GPS tagging off on your pictures so people
can’t find out as easily where you live◦ http://weknowyourhouse.com/ ◦ https://twitter.com/WeKnowYourHouse
Don’t post things about your house that might make it vulnerable
This could never happen to me! Right?
Going away on vacation?
http://thetimes-tribune.com/news/jessup-police-investigate-break-ins-tied-to-facebook-1.917832
http://www.kcrg.com/news/local/Police-Facebook-Photos-Could-Lead-to-Break-Ins-160333525.html
http://www.cosmopolitan.com/advice/tips/burglaries-because-of-facebook
Predators and Stalkers
Anyone can pretend to be anything online Don’t accept friend requests from people
you don’t know Turn off GPS tagging on your posts/photo
upload◦ If someone is following you, you could be telling
them exactly where you are!
Imagination isn’t always good
Malware and SpamBe careful what you click
Malware is being created with the end user as the vulnerability instead of flaw in software
Don’t click on links sent from people you don’t know
Be wary of links that are even sent from “friends” their accounts could have been compromised◦ A common tactic is to send a link with a caption that
the video is related to something currently going on in the world or related to you (e.g. “Footage of Bid Laden Kill” or “you even see him taping you, that’s awful”
The target has shifted
Does your number fall between (000)000-0000 and (999)999-9999?
A vulnerability was found in Facebook, just last week, that allowed anyone to search for a number and connect it to a name◦ Facebook fixed this vulnerability, however their
“fix” was to limit the amount of searches that an IP address could do in a specified amount of time
If your telemarketer phone calls start to pick up, you might know the reason why now
Do you have your phone number on facebook?
Another trend recently is to receive a phone and be greeted with “I am calling you from Windows!”
They try to convince you that your computer has errors and viruses and you need to download their software and pay them money to fix it
The software is a backdoor giving them direct access to all of your files, and some people have paid upwards of $500 for their “fix”
Malware through the phone
Certain apps will ask you for permission to do all sorts of stuff, even send messages on your behalf
While possibly unintentional, they can still have the effect of spamming your friends◦ A Happy Birthday app is a more common one of
this, that automatically sends all of your friends a private message with birthday wishes
I authorized what?
There are several websites that show what malicious websites are capable of extracting from your web browser◦ …what websites you’ve visited◦ …who is on your Gmail contact list◦ …what Firefox addons are installed◦ …what you’ve previously watched on Youtube◦ …what sites you are logged in to◦ They can steal a browsers auto-complete data◦ They can even activate a computers camera and
microphone This is a great write up on all of the facets:
◦ http://blog.whitehatsec.com/introducing-the-i-know-series/
I know…
Your Online Reputation
Your current and future jobs might depend on it
What are some good examples of oversharing?
This is a short list of things you should not share:◦ Full Name (especially your middle name)◦ Your birth date◦ Hometown◦ Phone numbers◦ Relationship status◦ Your school name/location/graduation dates◦ Pet names
These are answers to some of the most commonly asked “forgot password” questions, and with this information anyone could reset your password
Am I oversharing?
You might be surprised what you find
Facebook has a privacy setting, that by default makes your profile searchable◦ This is one of the settings PrivacyFix helps you
find
Have you ever Googled yourself?
Don’t post it on Facebook! Would you want to post that your hungover,
taking drugs, or what your brand new phone number is?
Sadly, these people all do◦ http://weknowwhatyouredoing.com/
Do you hate your boss?
Visit http://staysafeonline.org/stay-safe-online/
There are great, short, educational videos and topics ranging from how to protect yourself at home and at work, and also how to make sure your kids are safe online
For more tips on how to stay safe
Questions?