
Thursday, July 2, 2009

Personal Security on Social Networking Sites

This article was originally posted on: www.securityorb.com


By
Kellep A. Charles, CISA, CISSP
kellep_charles@yahoo.com

Visits to social networking sites account for more than 10% of the total time people spend on the Internet, according to Nielsen Online. A social networking site, such as LinkedIn.com or Facebook.com, focuses on building online communities of people who share common interests and activities. Facebook is now the most visited social networking site on the Internet, with nearly 1.2 billion visits in January 2009 alone, while Twitter and LinkedIn are steadily gaining ground.

Hackers have incorporated the popularity of social networking sites into their plans to compromise systems and steal personally identifiable information. The Koobface virus on Facebook and the clickjacking issues faced by Twitter are prime examples of the recent challenges. These same hackers can also remain anonymous on social networking sites, which reinforces the notion that you really do not know who is on the Internet with you.

Security on social networking sites is at a minimal standard right now: the sites rely on usernames and passwords for authentication, which means that anyone who finds out your username and password can gain access to your account. Until social networking site security improves, users need to be very careful and diligent.

Here are a few tips that should assist in making sure you are safe when using social networking sites:

1. Understand how the social networking site displays your information. Some sites allow you to control who can see your information, while others allow anyone and everyone to view postings.

2. Don't click on shortened (or "condensed") URLs, like those created by TinyURL and Bit.ly. There's no telling where these links lead, and that makes it easy to funnel you to malicious websites (drive-by downloads).

3. Be mindful of your personal information: don't post your full name, address, age, hometown or information about your family. Even your screen name can reveal a lot of identifying information.

4. Post only information that you are comfortable with others, such as your employer, co-workers and acquaintances, seeing and knowing. Many people will see your page or postings, including the people who will be interviewing you for a current position or a future job.

5. Remember that once you post information online, it may be impossible to take it back. This includes photos that can be manipulated.

6. Be careful when it comes to personal interactions online, such as flirting or disputes. Some people lie about who they are. Be wary if a new online friend wants to meet you in person.

7. Trust your instincts if you have suspicions. If you feel threatened by someone or uncomfortable because of something online, report it to the police and to the operators of the social networking site. You could end up preventing someone else from becoming a victim.

Social networking sites are becoming part of our personal and business lives. People from all stages and walks of life are participating with very little knowledge of the dangers of these sites. The site owners provide only the minimum required security measures, while hackers are using tactics that have shown great success in circumventing them. It is up to us to do what is necessary to protect ourselves until better security measures are implemented or the hackers give up. Don’t hold your breath on the hackers giving up.

For more information on this article and other informative articles go to: www.securityorb.com

2 comments:

Denis Canuel said...

I think that instead of telling people not to click on tinyurls (this is going to be rather hard), tell them to install the LongURL plugin on Firefox. It will expand the URLs.

Now even if the link is expanded, you'll never really know what's on the other side... :)

Kellep A. Charles, CISA, CISSP, NSA-IAM said...

Denis, thanks for that comment, it does make sense. I will research longURL applications. I will also reword my document to reflect it and also ask readers to be more mindful when it comes to tinyURLs.

Kellep