Facebook More Private, Thanks To Canada?

Written by Saran on September 10, 2009

To date, Facebook is perhaps the most successful and widespread social networking site. It has transcended age and race, and practically everyone I know has an account. It has so much to offer, hence the amount of time that the average person spends on Facebook has skyrocketed in the past months. Even businesses and employers use Facebook to make their presence felt online!

But in spite of the allure and usefulness of Facebook, it does have some security issues. All the information that one enters can be accessed by the site AND its third-party partners. With each application a user “allows,” his information is accessed, probably even shared with others. Unless a user changes the default privacy settings, practically anyone can access his information. This is something that not everyone really thinks about.

But the Canadian government found these issues important. In fact, they pressured Facebook to make some changes with regard to security. Thanks to them, several tweaks have been enacted. PCWorld featured this move and outlined the fixes.

One, Facebook had to fix the way applications access users’ data:

Apps will have to tell the user what information it wants and get express consent from the user beforehand. Information will be split into categories, which the user can check off before installing. Developers will also have to explain how that personal data will be used.

Two, what happens to a user’s information if he deactivates his account?

Users will be given an option to either deactivate or delete their accounts. Upon deactivation, they’ll be notified of the option to delete, and can elect to do so should they want all their data gone for good.

Three, what will happen to your account if you die?

Facebook will explain in its privacy policy what happens to an account after its owner passes away.

My thoughts – one and two are quite valid. Three, I am not so sure. You’ll be dead, why would you care? In any case, I wonder if Facebook will apply these fixes to the whole system or just for their Canadian users?

Categories: News, Privacy & Anonymity, Real-World Issues

46 Security Flaws Fixed By iPhone 3.0

Written by Saran on June 23, 2009

Yup, 46! That is one heck of a lot of security flaws, don’t you think? Considering that the iPhone is being used by a lot of people to go online, it seems quite irresponsible of Apple to release a product that has so many flaws. Still, that has not stopped people from buying the iPhone. Indeed, the major reason people do not get one is the price and not the existence of security flaws. In any case, the recent iPhone 3.0 update has fixed those flaws.

Of the 46, six of the security flaws involve CoreGraphics. Without the update, if a user views a maliciously coded image, the application he is using may terminate suddenly. Alternatively, it can lead to arbitrary code execution. What that can lead to, who knows? Another flaw involves opening and viewing PDF files. Apple describes the same result: either application termination or arbitrary code execution.

There is also a flaw with regard to the mail client. Without the update, remote images in HTML messages are automatically fetched and loaded. There is no option to turn off this feature. With the update, this potential security flaw has been fixed.

Meanwhile, Safari can now be totally wiped clean – history of visited web pages and searches together – by accessing the option in the Settings menu. Previously, only the history of web sites was removed, and the searches remained. Now, iPhone users can rest easy knowing that they’ve left no traces behind.

Of course, there are other features to the updates, many of them not solely related to security.

Categories: E-mail, News, Operating Systems, Privacy & Anonymity, Web browsers

Cellphone Deals Here…and there…. What’s the catch?

Written by Saran on February 27, 2009

Seems everybody is out for cheap deals on just about everything, and who wouldn’t be in this recession, where cash is hard to come by and jobs are being shed by the thousands? Now, there are truly some honest cell phone deals out there, but you have to be sure you’re getting the right stuff. Having the latest phone gadget might be one thing, but keeping that new phone secure from hacks is another. Sure, you can get it cheap from the internet, but how sure are you that you’re getting the real stuff?
Criminals are becoming craftier than ever, and they have even managed to copy branded products complete with all the security stickers and holographic security seals. These phones can also come pre-loaded with malware, for the amount of computing power they pack is enough to emulate an ultraportable, in function that is. Just how dangerous are these hacking attempts? For mobile devices using Windows, very dangerous, for there is a group bent on exacting damage on the software giant.
Ensuring you have the latest updates to your operating system is vital to maintaining your ability to fend off attacks. Having intrusion prevention systems installed is also a good thing, for like your PC, these devices also need protection. Given the power of these gadgets and their ability to connect to the internet, they are not immune to attack. Let’s take this as an example: an unprotected PC connected to the internet for the first time will last an average of 15 minutes before it is hacked and compromised. Now you do the math for your mobile!

Categories: Cryptography, E-mail, General, IM, IT Security Basics, Malware, News, Privacy & Anonymity, Real-World Issues, Spyware, Tips, Web browsers, Wireless Security

Cyber Security In Obama’s Sights

Written by Saran on February 20, 2009

Who said that Obama does not have a techie side to him? If reports earlier this month are to be believed, the newbie President is not ignoring the importance of cyber space. Iain Thomson of Vnunet.com had this report early this month:

US president Barack Obama has ordered an immediate 60-day review of the online security of government IT systems to check for vulnerabilities.

The review will be led by Melissa Hathaway, who has served as cyber co-ordination executive to the US Office of the Director of National Intelligence. Hathaway will also serve as acting senior director for cyberspace for the National Security and Homeland Security councils during the review period.

“The national security and economic health of the US depend on the security, stability and integrity of our nation’s cyber space, both in the public and private sectors,” said John Brennan, assistant to the president for counter-terrorism and homeland security.

First thoughts…this is wonderful; this coming from the head of the country, it should be a good sign. However, I was thinking about the 60-day limit – would this be enough? More so, are the intelligence arms going to be part of this review? I doubt that the CIA, the FBI, and the NSA will allow anyone to take a look into their systems. Maybe the review is just for the less sensitive government agencies. Who knows?
In any case, I was just thinking of those people who love hacking systems to get credit card numbers, bank account numbers, and the like. Those days will probably be gone pretty soon, don’t you think?

Categories: Malware, Network Security, News, Privacy & Anonymity, Real-World Issues, Security Policies

More E-mail Security Tips

Written by Saran on February 18, 2009

I was only able to fit in two tips in the previous post but no worries, here are more things for you to look at.

To subscribe or unsubscribe? What to do?
You know those e-mail messages informing you of one thing or another and then at the bottom it says “To unsubscribe to this service, click on this link…” or something like that? Well, many are legit but here’s the thing – this tactic is also being used to get you to click on the link and gather information from you. What you should do, instead of immediately unsubscribing, is to first double check if you really have subscribed to that service. Otherwise, you just might find more spam mails in your Inbox. If you’re unsure, just mark the address as spam so that it can be filtered in the future.

Guard “important” e-mail addresses
Some people guard their phone numbers zealously. They would only give their numbers to people they know very well and people who they are ok with contacting them. How come, when it comes to e-mail, it seems that people are less guarded? It shouldn’t be the case. You don’t know who will end up knowing your e-mail address and start sending you stuff that you don’t need or worse, malware. If I were you, I’d set up another web e-mail account that is separate from your main e-mail account.

Remember: There is no such thing as absolute privacy
Whatever you type into your computer and send through e-mail is never ever really totally private. Just bear this in mind when writing anything. It will keep you safe.

Categories: E-mail, Privacy & Anonymity, Real-World Issues

UK Email Law: Security Breach?

Written by Saran on January 11, 2009

Did you know that starting March of this year, every single email that is sent and received in the UK will be monitored? Yep, following the law, all Internet Service Providers (ISPs) in the UK will be required to store email information for a year. Though this law requires information to be kept, the actual content of the emails is not included in the requirement.

However, the fact that information is being monitored – even private emails – has got a lot of people shifting in discontent. The details of the law were published by BBC:

- To keep details of every e-mail sent in the UK for a year
- Internet Service Providers will have to record who sent the email, to whom and when
- The e-mail’s content will not be stored
- Data can be accessed by more than 600 public bodies, such as the police and councils, if they make a valid request
- Part of a European Commission directive

Although the contents of emails are not part of the law, it does not take a rocket scientist to figure out that this gives rise to potential security breaches – BIG TIME. It is a given that the idea behind the law was born out of goodwill. After all, we do know that there are a lot of unscrupulous people out there who take advantage of the technology.

However, who is to say that this database of information will be kept secure and that no one will be able to make unauthorized use of it? That, my friends, is the biggest question. Am sure glad I am not in the UK right now.

Categories: Privacy & Anonymity, Real-World Issues, Security Policies

Implement a Strict IT Policy

Written by Saran on September 30, 2008

It is perhaps the headache of any IT head when it comes to implementing policies for a smooth-running network and department. But while the essence of a good security system is evident, it is really the implementation part that is hard to accomplish.

For one, the threats that can easily make their way into a supposedly secure network are abundant, and building security awareness of them takes a transition. Whether carried in manually or transmitted, suspicious files will always find a way in, especially if you are not adamant about making sure that all bases are covered as far as the security of your system and data is concerned.

Many people fail to appreciate the value of the data they have gathered. They fail to appreciate the value of a strict IT policy mainly because all they care about is having a workstation to use and opening files (both internal and external) as they please. So if you put all these things together, you can imagine the problems that an IT guy has to work with. But for some, initiatives such as passwords and some hardware exclusions have to be taken.

If you notice, some drives like the usual floppy drives or even USB ports are either missing or disabled. To make them work, certain permissions and passwords are set for them to be enabled. Only the IT administrator would know these security measures, and basic as they may seem, they really help a lot.

This is just a basic but effective way that IT personnel use. There are the usual network policies, but for the sake of people who want to make doubly sure, old and basic practices such as this are perhaps the best way to go.

Categories: IT Security Basics, Network Security, Operating Systems, Physical Security, Privacy & Anonymity, Security Policies

Be Careful of Hyperlinks in Messages

Written by Saran on September 30, 2008

We all know that some people using the web for success are desperate, so regardless of whether the message comes to you via email, comments or an instant message, do not click! It is easy to spot suspicious messages. For one, if there is no sane explanation of why you should check it out, refrain from doing so. Clicking or not clicking may make the difference as far as safety and security for your computer or workstation is concerned.

For most, this may seem redundant. Who in his right mind would click an unsolicited link? Well, that is true, but we forget to consider that not all people are aware of the benefits and dangers that await them on the web.

Just like in modern society, you can expect some tactics that can really deceive you. They are not obvious and in fact can come in any form. In fact, you can even get them from friends who may think that such links to sites are harmless. Leading the pack for suspicious links would include:

1. Free software links
2. Files or Images
3. Money making scheme programs
4. Unsolicited Sign Ups

Of course, you would have to consider that, to get people to click on links, it has to be entirely in their interest. For most, it is too tempting to resist. Especially if you have not encountered these threats or been educated about them, chances are you may experience them first hand, and that may be an experience you would rather forget, all for overlooking the value of security on the web.

Categories: IT Security Basics, Instant Messaging, Malware, Privacy & Anonymity, Spyware

How Long Should your Password Be?

Written by Saran on August 27, 2008

We all know the importance of having good and difficult passwords once we have access to a site or a network, but one thing that many would have to consider would be the length. Some would want it short, but these are people who would not care about why they are given access. Others want it long, normally something that they can easily remember such as their address or birthday. But how long should it be?

Traditionally, it should be at least 8 characters. Some are fine with 6 characters, but for security reasons and avoiding hackers, it would be best to make it longer. A combination of alphanumeric characters would be better, as it makes the password harder to crack for people who love to do mischief. So if this were the case, the potential combination would perhaps be your car plate number, bank account or even your driver’s license codes. With that in mind, you better make sure you also write it down and keep it in a safe place. This is in case you may forget it for some reason due to the tons of information you have stored up in your mind.

Regardless, a user should always make sure that the password he chooses is something he is familiar with. For most sites, we are asked to set secret questions which we can answer for ourselves. But in choosing the right one, we must make sure that it is something only we know and not something that can be easily guessed by anyone. Failing to do so may put your access and credibility at risk.

Categories: Cryptography, Privacy & Anonymity

DomainKeys, Protecting More Googlers

Written by Saran on June 22, 2008


Spam and phishing have become so much of a problem that Google has resorted to using Yahoo’s patented DomainKeys technology to protect its Gmail users. DomainKeys was developed and patented by Yahoo but was released under a dual license that includes the GNU General Public License, which allowed the technology to become a widely accepted internet standard. It uses encryption technology to verify that the domain a message claims to come from is in fact the true source of the sent mail, blocking redirected spam and other malware from taking flight. These types of technology have been vital in the protection of consumers who do online shopping, many of whom fall victim to fake and phishing scams resulting in financial losses.
Internet companies themselves get victimized in terms of the resources they have to allocate to resolve such incidents, which start from eBay transactions gone bad that hackers use as phishing tools. Once these people get their hands on the account information of legit users, they go on expensive shopping sprees that cost the e-commerce industry a lot of lost revenue. It also causes a lot of misinformation on the security and reliability of online stores (some are truly legit but most are well…..). Hopefully more and more fake PayPal and eBay scams will be denied, giving people more time to develop better protection systems. There are a lot of tips on the internet about online safety with regard to these email and other scams, so you’d better brush up and stay informed of the latest news if you love online shopping and haggling over eBay. Safe online shopping, everyone!!
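
The DomainKeys check described in this post, as an added example that is not part of the original post and is not Yahoo's or Google's code: the sending domain signs the message with its private key, publishes the public key in DNS, and the receiving server verifies the signature against the domain in the From address. The domain `example.com`, the selector `mail1`, the tiny unpadded RSA key and the dict standing in for DNS are assumptions made so the sketch runs offline; real DomainKeys uses full-size keys and canonicalizes headers before signing.

```python
import hashlib

# Toy RSA key for the constructed domain example.com (two Mersenne primes).
# Far too small and unpadded for real mail; it only makes the flow runnable.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held by the sending domain

# Constructed stand-in for DNS: the public key the domain publishes
# at <selector>._domainkey.<domain>.
DNS = {"mail1._domainkey.example.com": (N, E)}


def _digest(headers, body):
    """Hash the From header and the body into one integer."""
    data = ("from:" + headers["From"].strip().lower() + "\r\n" + body).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(headers, body, domain, selector):
    """Sending server: sign with the domain's private key, attach the header."""
    sig = pow(_digest(headers, body) % N, D, N)
    signed = dict(headers)
    signed["DomainKey-Signature"] = f"d={domain}; s={selector}; b={sig:x}"
    return signed


def verify(headers, body):
    """Receiving server: look up the claimed domain's key, check the signature."""
    raw = headers.get("DomainKey-Signature")
    if raw is None:
        return "no-signature"
    tags = dict(t.strip().split("=", 1) for t in raw.split(";"))
    sender = headers["From"].rsplit("@", 1)[-1].strip(" >").lower()
    # The signing domain has to be the From domain or a parent of it.
    if sender != tags["d"] and not sender.endswith("." + tags["d"]):
        return "fail: signing domain does not cover From address"
    key = DNS.get(f"{tags['s']}._domainkey.{tags['d']}")
    if key is None:
        return "fail: no public key published"
    n, e = key
    ok = pow(int(tags["b"], 16), e, n) == _digest(headers, body) % n
    return "pass" if ok else "fail: signature mismatch"


# Constructed sample message.
HEADERS = {"From": "billing@example.com", "Subject": "Your invoice"}
BODY = "Invoice 1042 is attached.\r\n"

signed = sign(HEADERS, BODY, "example.com", "mail1")
print(verify(signed, BODY))                        # genuine mail
print(verify(signed, BODY + "Pay here instead."))  # body altered in transit
print(verify(dict(signed, From="billing@examp1e.net"), BODY))  # forged sender
```
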

Categories: General, Network Security, News, Physical Security, Privacy & Anonymity, Real-World Issues, Security Policies
