The Security Pub

Random Thoughts About Security

What to do if your Facebook profile has been hacked

With its millions of users, the world’s most popular social network has become a perfect target for attackers exploiting such a dense concentration of potential victims. There are numerous reports from users whose Facebook profile has been hacked and whose identity has therefore been placed at risk. If your Facebook profile is hacked, below are some steps to follow to help limit the ongoing effects.

Step 1: First, remove all permissions that have been given to the malicious application. This is a simple process: go to Account > Application settings in the top-right corner of your Facebook profile. This ensures that the application will not continue to have access to your profile once the password is changed.

Step 2: Change the login password! To keep your identity safe, it is advisable to change your password and the user name (it’s a good idea to do this from time to time anyway). This is also easy: go to Account > Account Settings in the menu in the top left corner of your Facebook profile. It is also advisable to use strong passwords that cannot easily be guessed.

Facebook is Adding More Security

Facebook has announced another security feature which will allow you to log out of your account remotely. So now if you use someone else’s computer or phone to access your Facebook account and forget to log off when you’re done, you will be able to log in from another device and end that session. This feature will more than likely be rolled out gradually, and below is an image of what you will see when it is.

[Image: Facebook remote logout]

To check whether you have it already, simply go to your Account Settings page and choose to change your Account Security. The information provided for each active session will consist of the login time, device name (if you have named it), a ballpark location derived from the IP address, and the browser and operating system on the device used. This way, even if someone accesses your account after you, or your account credentials get phished and used, you can lock out those users by terminating the session remotely and changing the password for the account.

In case you forgot, Facebook also rolled out a security feature in May that, when enabled, will notify you when your account has been accessed from an unapproved device. Below is what that screen will look like.

[Image: Facebook account security]

Are You Disclosing Personal Information on Social Network Sites?

Social networking users should be careful when accepting friend requests and be conscious of the data they share. According to a new study by BitDefender, social network users do not appear to be preoccupied with the real identity of the people they meet online or about the details they disclose while chatting with total strangers.

The study revealed that 94 percent of those asked to “friend” the test profile, an unknown, attractive young woman, accepted the request without knowing who the requester really was. The study sample group included 2,000 users from all over the world registered on one of the most popular social networks. These users were randomly chosen in order to cover different aspects: sex (1,000 females, 1,000 males), age (the sample ranged from 17 to 65 years with a mean age of 27.3 years), professional affiliation, interests etc.

In the first step, the users were only requested to add the unknown test profile as their friend, while in the second step several conversations with randomly selected users aimed to determine what kind of details they would disclose.

The study showed:

  • More than 86 percent of the users who accepted the test-profile’s friend request work in the IT industry, of which 31 percent work in IT Security
  • The most frequent reason for accepting the test profile’s friend request was her “lovely face” (53 percent)
  • After a half-hour conversation, 10 percent disclosed personal sensitive information, such as: address, phone number, mother’s and father’s name, etc. – information usually requested as answers to password recovery questions
  • Two hours later, 73 percent siphoned what appears to be confidential information from their workplace, such as future strategies, plans, as well as unreleased technologies/software.

Facebook plugs email address indexing bug

Incident-prone social network monolith Facebook has plugged yet another security leak, this time involving the indexing by search engines of email addresses not listed on Facebook.

Thousands of email addresses submitted using Facebook’s “Find a Friend” feature that were not tied to a Facebook account wound up getting indexed by Google, according to blogger Cory Watilo, who was among those affected. The “Find a Friend” feature allows friends to hunt for acquaintances on Facebook by email address, so those exposed have their so-called mates to thank for any exposure.

Check out the article – [The Register]

iPad phishing scheme advertised on Facebook

How would you like to get one of the much-anticipated iPad gizmos in exchange for simply filling out a mere survey? Well, the offer sounds pretty good – in fact, it sounds too good to be true, and that’s what it is. The scheme is massively advertised on a Facebook Events page where about 2500 people signed up for the event and – probably – fell victim to the phishing attack.

Check out the article – [Help Net Security]