Tag Archives: Privacy on the Internetz

Launching: SocialMediaSecurity.com

Filed under Social Networks
Tagged as , , , ,

skullI wanted to get this post up before I leave for DefCon since it will be hard to have time to blog in Vegas.  In a nutshell, I started a new web site called socialmediasecurity.com.  This was originally a project that I started to move my social media research over to a separate web site but has since evolved into something much larger.  What I have done is consolidated (with permission) research from other security researchers such as Aviv Raff, Joseph Bonneau, Kevin Johnson, Nathan Hamiel, Scott Wright, theharmonyguy and more.  Each article links back to the original author.  The purpose of this was to have an easy way to search on a specific topic or social network (for example: Twitter) and get the security information you are looking for.  You can subscribe to post updates via RSS, Email or through Twitter.

In addition, at the top of the page are links to downloadable guides, presentations, video’s and more.  All of this content is related to user education and awareness on social media security issues.  This is obviously a work in progress and I plan to have more content added to this very soon.  One thing I am working on that I wanted to get out before my talk at DefCon was a detailed walk-through video of the Facebook Privacy Settings (basically a walk-through of my guide).  I haven’t finished the video yet and I might have to redo it since Facebook will be releasing a new interface for privacy settings in the near future.  The plan is to do one for each of the major social networking sites as well as a downloadable guide like the Facebook one.

So…you can also concider this a call for volunteers! 🙂  If you would like to contribute anything (guides, videos, research, tools, blog on the site) or have feedback let me know by sending me an email (tom[aT]spylogic.net).  There are a few other researchers and volunteers working on some really cool stuff for the web site.  Far too many ignore the security and privacy issues of social media.  We welcome your participation to help make a difference!

JanusPA – Hardware Privacy Adapter

Filed under Privacy on the Internetz
Tagged as , ,

This is really cool. The guys that brought you the JanusVM Internet Privacy Appliance are about to release instructions on how to make a hardware privacy adapter. What is a hardware privacy adapter you ask?

Via Hack a day:

“It’s a small two port router. You just plug it in-line between your computer’s switch and your internet connection. It will then anonymize all of your traffic via the Tor network. You can also use it with OpenVPN. The hardware appears to be a Gumstix computer mounted to a daughtercard with two ethernet ports. It will have a web configuration just like a standard router. This looks like a great plug-n-play privacy device.”

Once you buy all the parts you can build your own for about $250. Not too bad for an easy way to anonymize all of your traffic over the Tor network or a VPN. Tor and Privoxy can sometimes be a real pain to configure so something like this would be fantastic to just plug in and configure once. It’s also nice that is can use OpenVPN as well.

My only issue with Tor is that it can be *really* slow for web surfing depending on what relays you connect to and there are some warnings you should be aware of. Also, your Tor installation needs to be updated frequently as the development team is always making updates and improvements. However, Tor is better then nothing if you are concerned with online anonymity.

Kudos to the JanusPA team…looks like I might have a hardware project to work on next year once the instructions get released.

Exploiting trust in social networks

Filed under Social Networks
Tagged as , , , , ,

Over the weekend I posted my first article on Social Network/Media security over at Blogsecurify. You can check out the post here. My next article will talk about the security of third-party applications and widgets for social media applications.