Shared Security

This is the 40th episode of the Social Media Security Podcast sponsored by the Streetwise Security Zone.  This episode was hosted by Tom Eston and Scott Wright recorded February 25, 2015.  Below are the show notes, links to articles and news mentioned in the podcast: * Facebook’s new ThreatExchange * Fitbit data used in a court case * Echosec is a web application that lets you search a geographical locale for posts on Twitter, Instagram and Flickr * Some new Facebook security tips and tricks * A very special interview with somebody who experienced a scam attempt on Facebook. Great advice on how to defend against these types of scams! Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below.  You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode.  Don’t forget  to subscribe to the podcast in iTunes, follow us on Twitter and like us on Facebook.  Thanks for listening!

This is the 39th episode of the Social Media Security Podcast sponsored by SecureState and the Streetwise Security Zone.  This episode was hosted by Tom Eston, Scott Wright recorded December 12, 2014.  Below are the show notes, links to articles and news mentioned in the podcast: * “Snapcash” has been announced by the creators of Snapchat. Can Snapchat gain enough consumer confidence to break into the payments field? * Yik Yak is a social app for browsing anonymous chats in your locale and it’s gaining popularity with teens and causing some problems for schools. * Yik Yak is also not as private or anonymous as you think as a new security vulnerability was just disclosed! * How to opt out of Twitter’s new app tracking feature * Facebook’s updated Privacy Policy? Not much new, but policies have been reworded to be somewhat less onerous to read * Facebook At Work – Will it work? * Scott and Tom share our opinions on the big Sony Pictures security breach * Scott shares some best practices on how to secure your LinkedIn account. Tom shares some good tips to make your LinkedIn account more private. Here are a few of the tips we discussed: * 1) Turn on HTTPS for all sessions: – Check the “Secure Connections” box in the security settings page 2) Turn on Two-Step Verification – The security settings page will tell you whether or not two-step verification is already set up – You can turn it on, and provide a mobile phone where SMS messages will be sent Both are accessible by doing the following while logged in to your LinkedIn account on the Web: a) Hover the mouse cursor over your profile picture b) Click on the Account tab in the bottom left of the page c) Click on “Manage Security Settings” Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below.  You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode.  Don’t forget  to subscribe to the podcast in iTunes, follow us on Twitter and like us on Facebook.  Thanks for listening!  

This is the 38th episode of the Social Media Security Podcast sponsored by SecureState and the Streetwise Security Zone.  This episode was hosted by Tom Eston, Scott Wright recorded October 21, 2014.  Below are the show notes, links to articles and news mentioned in the podcast: * An enterprise level story about how hard it is to block specific sites, and what can be done about it * Twitter’s former security head condemns Whisper’s privacy flaws * Twitter sues the US Government over national security data * Twitter quickly withholds tweets for Turkey’s ‘national security’ * Twitter ‘news’ spreads faster than Ebola * Snapchat third party service hacked * Facebook Fake Likes Exposed Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below.  You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode.  Don’t forget  to subscribe to the podcast in iTunes, follow us on Twitter and like us on Facebook.  Thanks for listening!

This is the 37th episode of the Social Media Security Podcast sponsored by SecureState and the Streetwise Security Zone.  This episode was hosted by Tom Eston, Scott Wright and special guest Kevin Johnson recorded September 19th 2014.  Below are the show notes, links to articles and news mentioned in the podcast: Special Topic! Managing Your Digital Footprint (thanks to Chris John Riley for the idea!) * Personal objectives for using social media * Types of footprints you might have (likes, comments, photos, tags, etc.) * Ways you can be exposed, and how to find them (Google search, Facebook search, Linkedin Search, etc.) * Ways to manage exposure going forward * This site has a good, short set of tips to review: http://krishnade.com/digital-footprint/ LinkedIn address book guessing… http://omnifeed.com/article/www.komonews.com/news/local/LinkedIn-flaw-helps-hackers-discover-email-addresses-275537041.html The LinkedIn LION – Are You Exposing Yourself to the Hyenas? https://www.linkedin.com/today/post/article/20140812143638-171396975-the-linkedin-lion-are-you-exposing-yourself-to-the-hyenas Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below.  You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode.  Don’t forget  to subscribe to the podcast in iTunes, follow us on Twitter and like us on Facebook.  Thanks for listening!

This is the 36th episode of the Social Media Security Podcast sponsored by SecureState and the Streetwise Security Zone.  This episode was hosted by Tom Eston and Scott Wright recorded August 20th 2014.  Below are the show notes, links to articles and news mentioned in the podcast: * HTML5 Canvas Fingerprint — Widely Used Unstoppable Web Tracking Technology * What the Internet Can See From Your Cat Pictures. Everyone also knows where your cat lives… * Discussion about Facebook Messenger Privacy.  Is it really that big of a deal? * Misplaced fear about Facebook Messenger for Android * Ars Technica interviews Facebook CSO Joe Sullivan about improving corporate security * Another interview with Joe Sullivan by Washington Post about the post-Snowden effect on Internet companies * Kaspersky study of Facebook user risk awareness * Kaspersky app called Friend or Foe, and their top 5 security mistakes Facebook users make Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below.  You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode.  Don’t forget  to subscribe to the podcast in iTunes, follow us on Twitter and like us on Facebook.  Thanks for listening!

This is the 35th episode of the Social Media Security Podcast sponsored by SecureState and the Streetwise Security Zone.  This episode was hosted by Tom Eston and Scott Wright recorded July 17th 2014.  Below are the show notes, links to articles and news mentioned in the podcast: * Facebook altered 689,000 users’ News Feeds for a psychology experiment * How to Stop Facebook From Using Your Browsing History * Hacking Facebook’s Legacy API, Part 1: Making Calls on Behalf of Any User * How to Teach Humans to Remember Really Complex Passwords * Why I quit Facebook and we are sharing much more than you think * Burglar logs in to Facebook in victim’s house, forgets to sign off (really?) Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below.  You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode.  Don’t forget  to subscribe to the podcast in iTunes, follow us on Twitter and like us on Facebook.  Thanks for listening!

This is the 34th episode of the Social Media Security Podcast sponsored by SecureState and the Streetwise Security Zone.  This episode was hosted by Tom Eston and Scott Wright recorded June 18th 2014.  Below are the show notes, links to articles and news mentioned in the podcast: * Facebook Switches Default Setting to Private to Prevent Oversharing * Facebook Fights Malware With Free Security Software * Facebook Microphone Update To Store Data: Social Media Giant Confirms New Feature Will Aggregate Information * Facebook responds to this privacy issue * How to “Hack” Someone’s “Private” Friends List on Facebook to See All of Their Friends * 6 tips on how to avoid Linkedin Scammers * Some HP Employees Were Busted For This Hilariously Awful Attack Against Competitor, Splunk * Bruce Schneier posted a link to this article about how ISIS in Iraq is using their free mobile app to mass tweet on behalf of individual users, without triggering spam blocks. * Tom talked about SecureState’s free phishing awareness tool called “King Phisher”.  This tool can be used to conduct your own phishing awareness campaigns. Check out the webinar and download the tool. Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below.  You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode.  Don’t forget  to subscribe to the podcast in iTunes, follow us on Twitter and like us on Facebook.  Thanks for listening!

Guess what? We’re back!  This is the 33rd episode of the Social Media Security Podcast sponsored by SecureState.  This episode was hosted by Tom Eston and Scott Wright recorded May 15, 2014.  Below are the show notes, links to articles and news mentioned in the podcast: * Social Media sites affected by Heartbleed * NYPD Twitter hashtag campain FAIL * Facebook Fail pages for brands like ADT alarm service * New Snowden Docs Highlight “Weaknesses” In Facebook Data Security  * Snapchat security failure * Facebook class action lawsuit status * Canada’s Privacy Commissioner rules on Facebook remedies in case of harrassment by child imposter * Interesting view on Android permissions requested by FB apps (and proposed solution) * People snubbed on Facebook feel less “meaningful existence,” study finds * Tom’s presentation on Enterprise Open Source Intelligence Gathering (OSINT) Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below.  You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode.  Don’t forget  to subscribe to the podcast in iTunes, follow us on Twitter and like us on Facebook.  Thanks for listening!

This is the 32nd episode of the Social Media Security Podcast sponsored by SecureState.  This episode was hosted by Tom Eston and Scott Wright recorded April 25, 2013.  Below are the show notes, links to articles and news mentioned in the podcast: * A Little Privacy, Please! Your Rights and Social Media Policies.  Tom and Scott discuss why you should be reading the privacy polices of the social networks you use. * AP Twitter account hacked; report of White House bombs false * Beware Twitter “password check” sites – there are fakes, and there are fake fakes! * Is your Twitter password secure? * What is “Facebook Home” and what are the potential privacy ramifications of using it on your Android device? * Are you over-sharing? A discussion of the privacy paradox we all face * Check out SecureState’s latest whitepaper on the new concerns with privacy! Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below.  You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode.  You can also subscribe to the podcast in iTunes, follow us on Twitter and like us on Facebook.  Thanks for listening!

This is the 31st episode of the Social Media Security Podcast sponsored by SecureState.  This episode was hosted by Tom Eston and Scott Wright recorded January 18th, 2013.  Below are the show notes, links to articles and news mentioned in the podcast: * Facebook privacy controls have been updated.  Check out this article on all the changes. You can no longer have your profile hidden. All Facebook users are publicly searchable. * Facebook Graph Search has been released.  Tom and Scott talk about what you need to know. * What’s up with all these fake Internet girlfriends?? (Manti Teo) * Tom and Scott talk about the current state of Social Media and your business.  Download SecureState’s free Social Media Guidelines for businesses.  This is a great Social Media Policy template for your business. Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below.  You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode.  You can also subscribe to the podcast in iTunes, follow us on Twitter and like us on Facebook.  Thanks for listening!

This is the 30th episode of the Social Media Security Podcast sponsored by SecureState.  This episode was hosted by Tom Eston and Scott Wright.  In this episode we talk about the password problem and why we continue to choose easy to guess passwords.  Tom and Scott also talk about ways to select more secure passwords and how technology can help.  Below are the show notes, links to articles and news mentioned in the podcast: The password Episode!  It’s episode 30! * Study shows hackers more focused on passwords than those who create them Major password breaches in the last few months: * Formspring (420,000) * LinkedIn (6 million) * eHarmony (1.5 million) * Last.fm (2.5 million) * Blizzard Battle.net Brute force attacks on passwords is the #1 way we break into companies during pentests! Want to see the poor passwords people choose? SkullSecurity has very good lists from previous breaches.  Looking for more information? Tom wrote a white paper on how easy it is to profile user passwords on social networks. The password problem.  Users continue to make poor password choices. Why?  * Too many to remember? * It’s easier to use the same password for each site * Also the same user id and email * Failures in user awareness? * Users are not provided the technology to help * Social networks and other sites make it easy to choose weak passwords, little adoption of two factor authentication because users will complain * Mobile apps are not designed to constantly enter passwords.  This is why you “stay logged in”. Worse case scenario? * Mat Honan’s “Epic” Hacking What is the solution? * It’s tough but we need to stop blaming the companies that hold our data…take personal responsibility and educate yourself! * It’s also complex to figure out a solution. * Technology can help: KeePass, 1Password, LastPass, Google Two-Step Verification (application specific passwords), Facebook Two Factor Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below.  You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode.  You can also 

This is the 29th episode of the Social Media Security Podcast.  This episode was hosted by Tom Eston and Scott Wright.  Below are the show notes, links to articles and news mentioned in the podcast: * MySpace charged for violating user privacy, vows to do better * How a fake Justin Bieber “sextorted” hundreds of girls through Facebook * FBPwn: A cross-platform Facebook social engineering tool * Tom and Scott’s take on the Facebook IPO * LinkedIn CSRF (Cross-site Request Forgery) controls attacked * Scott gives us an update on his mobile honeystick project We are still planning on getting back to regular podcasts! Stay tuned.  Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below.  You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode.  You can also subscribe to the podcast in iTunes and follow us on Twitter.  Thanks for listening!