Tee Morris: Access Denied: Remaining Safe In Social Media

OMG! Tee, your presentation starter ROCKS!!

Nobody talks about this & no one seems to want to.  This is like letting your kids play by yourself, writing your will & taking out life insurance on your kid.

Tee doesn’t menion kids name online, by the way

Social Butterfly Effect:
1) Blogging & podcasting. This is still possibly unsafe.  (Even a password protected blog is 1 copy & paste away from being unsafe, says Heather Solos).
2) Bookmarks.  Digg & Delicious
3) Social Networks: Facebook & Twitter, etc.

How much is too much?
Common Attacks that social media is up against:

  • DoS attack (monitor sites such as status.twitter.com = safety blog)
  • Phishing
  • Spam (Stop replying to it, 40% of people who reply to spam!!)
  • SQL Injection (your blog db – a hacker gets access to your blog DB & puts in code.  The code lets them get into the comments of your blog & let them be a control panel & it executes commands like “delete database”
  • XSS (Cross Site Scripting – the hacker can remote control your accounts & login as you to send out commands)

Who’s minding the store?
How good is the security for your blog?  WP has Akismet, blogger doesn’t last he checked.  What about 3rd party plugins?  How much do you have to give away to get that to work?  What about your web host’s security?  Ex: Dreamhost’s only hack that Tee has heard of was Jared’s Dreamhost hack.  They do a lot for security.

Facebook: [me: hahahahaaaa!] Privacy filters.  Whoever’s minding the store at FB needs to wake up. Also, application management on FB.

Twitter: API (ping from API..a great strength & a great downside…boy, it’s sure easy to spam ppl on twitter.)  But also…common sense!!! People don’t think….

USER ERROR
And yes, sometimes if you look around the table & can’t find the nitwit…it’s you!

Example: Jessica thingy who had a blog about her Washingtonian sex life.  Um, she had no password on her blog & well, she got fired, got a book deal to playboy, to call girl ring on MySpace, to marrying a lawyer.  Um just make a password & use a form letter to send it out.

Can You Keep a Secret: Apparently not…
ex: housewife on FB who posts her move on FB, vacay photos, etc.  Well, she is the wife of the director of MI-6 [me: I had forgotten that!]

Numbers game on Twitter is making the noise level go up on Twitter.  Go to tweepi.com, put in a username & you’ll see who’s in that network & when was the last time they tweeted.  How many times they tweeted?

Worth of your password
Don’t give out your Twitter password so often. Story: Twitter awesomeness site that if you put in your password, it told you you’re being unsafe

Care more about your influence ON YOUR NETWORK, not on twitter as a whole

Worth of your name:
What is your network going to think if you do something.
Beware a DM from a friend who isn’t friendly.  Don’t click DMed linked if not from a trusted person you recognize. You can always @reply that person & say, “Did you dm me?”

Wherever you go, there you are.

  • (Tee loves twitter.  Tweetlonger users are cheating! :) )
  • Foursquare + please rob me.  See to me if you don’t check in everywhere, hey! Will someone really do this?  Tee thinks Please Rob Me was right to point this out. 1) Robbery 2) Stalkers

Security starts with the users.  Think, people!!

What should we expect from providers?

  • Realistic level of responsibility.  Sometimes you get what you pay for.
  • Stop saying Oh well….  Step up!
  • Better security measures
  • More control/simple privacy settings. Control is good.  Don’t feel like you have to follow everybody.
  • Pay for protection.  Well, why not?  Tee’s okay with that

So what do we users do?

  • Define parameters.  Have a plan.  (eg: will talk about my kid, but not use their name.  I’m on twitter, but I won’t use GPS. I’ll DM ppl who break a rule & ask them gently not to.)
  • “Would I feel comfortable saying this out loud in a roomful of strangers”
  • Open transparency isn’t the same as full disclosure
  • Don’t alienate those who are new to Social Media [me: huh? how would you…oh, like calling someone a n00b.  Jeeze, I’d call myself a n00b, never anyone else. Unless we’re friends & they know I’m kidding. Don’t do this, anyone.]

Resources:
socialmediasecurity.com – podcast from professional hackers who are good guys
thecommandline.net – parsec award winning podcast (“don’t fear the hacker”)
wired.com/threatlevel – breaking news
darkreading.com – security stuff is a good read
idguardian.com – his day job. He & pros on security give tips on safety

Questions:

  • What about RFID? They aren’t connected to GPS…the passive tags (most common) vs the active. Black Hat ppl have read the tags from 140 feet away, way more than the 6 feet the industry advertised.
  • Upside for RFID: recycling a used product. Knowing what’s in the fridge when you’re away, etc.
  • FB security? Is it vetted? Kinda sorta. It’s tighter now than it was, thanks to that quiz that showed you what you’ve just released when you do a quiz.
  • More on Foursquare & geolocation.  People seem nervous about this idea.
  • spokeo.com [Me: silly site. :) None of that stuff is true about me.  Late 60’s? NO!]
  • Really? Tee says people still dumpster dive to steal your ID.
  • Heather’s comment: use a backup if you make a oversharing mistake, it will keep you safer (eg: use a house-sitter)
  • Basically: ask questions.  Take precautions.  Use common sense to be safer.

Leave a Reply

Your email address will not be published. Required fields are marked *

*