US-CERT Cyber Security Tip ST06-003 — Staying Safe on Social Network Sites

US-CERT Cyber Security Tip ST06-003 — Staying Safe on Social Network Sites

I may have posted a blog entry about this in the past, but it’s worth revisiting.  Recently the daughter of an old friend got in contact with me through a social networking site.  Upon looking at her profile, I realized that she’s breaking most of the tips presented in this article.  So rather than lecturing her directly (and risk her not listening), I decided to post an entry reminding everyone about the dangers and preventions.

It doesn’t matter whether you’re 5 or 68.  If you post too much information about yourself, someone with malicious intent can get it.  It doesn’t have to be on a social networking site, but it would seem to be easier to find the information there.  People tend to think “Social Networking means that I need to tell them everything.”  So they publish things that they normally would keep quiet.

This isn’t new.  The rise of Social Networking sites only made it easier.  Six years ago, I sent an e-mail to two of my online friends.  I gave them both my address and phone number—because I had found theirs online (even though they were both unlisted in the phone book) and thought it was only fair to give them mine.  I showed them exactly how I found them and told them what to do to try and counter that.

One had posted a picture of her kids and herself on a community. In the picture, it showed her house number.  So, I simply searched for her last name, and picked the one with that house number in it.  Even though they didn’t have the Phone number listed in their full name, it was easy to find.  The other had purchased something and put her address/phone number down. It was sold off, and published.  Even though she had it unlisted in the phone book.

The basis of the tips presented are these:

  • Do not publish your address or phone number anywhere that can be publicly searched.  If you have the information posted, make your profile private.
  • Choose what you publish carefully.  This includes pictures and things you type.  Current and future employers, amongst other people can and will search for you.  If it’s not something that your employer (or potential career choice) will approve of, DON’T POST IT.
  • Be careful with who you open the information up to.  Anyone can impersonate anyone else online.  An example of this is on Twitter.  There are a lot of people impersonating famous celebrities on there.  PC World Magazine posted an e-article about the top 15 “fakes” on twitter.  Some of them are pretty realistic.  So, just because that person claims to be an old friend, doesn’t mean they are.  And it doesn’t mean that they don’t have malicious intentions (even if they are the old friend).
  • Parents should monitor what their children are posting.  If your child won’t add you as a friend on their social networking site, then there’s a problem somewhere.  If your child posts something that’s inappropriate, talk to them about it.  Don’t chew them out for doing it, just talk to them about the dangers of posting it.  If they post something that they did, discuss both what they did, and why they shouldn’t have posted it.  Again, don’t chew them out though.

On the last bullet, it’s easy to say “Yeah, you don’t have kids.”  This is true.  But if you lecture them and chew them out for doing something, two things will probably happen.  One is you’ll find yourself off of their friends list, and two is they’ll create another account and post it there instead.  If you discuss it with them, they’re more apt to listen to what you have to say.  And they’re more apt to actually do what you tell them.

One more tip that the article talks about is be aware of the Privacy Policy of the Social Networking sites.  Some of them will harvest your personal information and sell it to advertisers.  Others will protect your information to the extent that they’re allowed to.  And remember that just because they will protect your information, doesn’t mean that someone won’t come through with a script or bot and harvest the information anyhow.

Be safe and have a great day:)

Patrick.

Leave a Reply

Your email address will not be published. Required fields are marked *