Speaker: Tee Morris
1 -2 PM
First off: Hands down, this is the best intro to a talk ever.
Security is essential…[since the last time I saw a version of this talk, wow…Foresquare? Pinterest? Employers wanting your FB login information? All KINDS of new problems in terms of safety.]
So what do we social butterflies do? Share!
- social bookmarking
- (digg, delicious.com, now, Pinterest (#3 social network in the world; only popularized in the last few months)
- social networking
- (-FB, Twitter, G+, Third-party addons)
That’s a lot of sharing. Shouldn’t you consider security? Controlling who you’re sharing stuff with? How much is too much?
“Security goes against the sharing concept.” – Tee disagrees.
Know what’s out there. Know how to protect yourself.
- spam (we get so much spam, because 40% of all spam is replied to. Holy cow, if you could get that much action from a direct mailing list campaign, they wouldn’t price them by the 1000.)
- SQL injections and XSS (Cross Site scripting) – web hosts need to put these defences up for you. Hackers get into your site & inject code that stops access to your site
- DoS – perhaps the scariest? A hacker can hijack your PC with phishing & spam and turn it into the hacker’s slave for attacks
What are the security measures provided by the networks?
Well, the services ::are:: free, so… NO. We need to be involved, such as: do the WP updates when they’re offered. Mind your third party plugins, ex: JetPack plugin for analytics vs the secure Google analytics.
How secure is your web host? Do some research about their security.
Facebook – whoo boy. Do you even KNOW where your privacy settings are? When’s the last time you changed your passwords? It’s all there for a reason. They WANT you to share b.c they bring in revenue that way. Application management on FB? Yeah, they’re mining your account for info. And the illegit ones want to get into your account to get to your friends. (Humm…if they want my username & password, this is not a good idea.)
Twitter API. Its strongest feature & greatest weakness. Add only the apps you NEED.
Common sense! Your best cross-platform defence. (Sony’s hack. One year later, they’ve lost $6.4 billion.)
User error is the biggest flaw or hole in security.
Lady Shelly Sawyers….you know, James Bond’s boss’ wife! Who was posting their home address, and vacation pics…to Everyone on FB. Oopse.
Numbers game on social media; for some reason it’s all about the numbers. But, Tee says, it’s quality you want, NOT quantity.
Phishing for followers is a baaad idea.
Consider the worth of your name & your password.
@safety – Twitter’s safety account. They will help you solve any hacks or security issues you may end up with on your Twitter account.
Geotagging – was Please Rob Me irresponsible or imperative?
Think, folks. Think. Post a pic of your kid? Use a name, like Sonic Boom, [a superhero nickname for Tee’s child used on social media] not their own real name.
What do we need from the providers?
- realistic level of responsibility
- take security breaches seriously. (not “oh, well….”)
- More control and more simplified privacy settings [looking at you, FB. – a]
- Pay for protection option. (Wouldn’t it be nice to pay to keep your data private from onlookers?)
What can we do?
- define & set up security plan. We’re saying this, not this, if x happens, we’ll do this.
- Run antivirus software. Even Mac users..500,000 Macs got a virus this week. Well, that’s what’s been reported. No one wants to admit being hacked. Embarassing.
- MacKeeper. – runs in real time, no performance it, and it automatically updates.
- ZeroBit. Tee likes it so far. Meh on Norton & McAffie
- [Michael Carnell recommends Microsoft Security Essentials for Windows users]
- Would I feel ok saying this in a room full of strangers? – your test, your mantra for posting to social media
- Open Transparency does not always equate to “full disclosure” – You can be transparent, but don’t tell everyone everything.
- Avoid alienating people new to social media. Don’t call people n00bs. Not nice. “Helping them is the social thing to do.”
- blog.identitytheftcouncil.org (id theft council)
- thecommandline.net (podcast)
Q. What’s the motivation behind a SQL injection?
- spread problem
- farm email addresses
Back up your blog posts. He does it in Word first, then post it to a blog.
Q. Do you think most places have a social media policy? More have them; the downside is that they’re sometimes too extreme, like asking for FB password. Hopefully we’ll get there.