
Monday, August 17, 2009

Facebook Privacy Guide

So you are on Facebook and you haven't changed the default settings that Facebook sets when you first create your presence on the site? You really ought to take a look at this guide to help you wade through the privacy settings. You can access the privacy settings by looking towards the top left hand corner of the Facebook page. Under Settings, the second one down is the privacy settings. After you get done looking at your settings, check your kids' pages also. And don't put it past them to change their DOB to allow them more freedom to share more.


Privacy Settings - Profile|Basic
The following are the suggested settings that Facebook provides you.
  • Profile - Only Friends
  • Basic Info - Only Friends
  • Personal Info - Only Friends
  • Status and Links - Only Friends
  • Photos Tagged of You - Only Friends*
  • Videos Tagged of You - Only Friends
  • Friends - Only Friends
  • Wall Posts - Only Friends (It is OK to allow friends to post to your wall by checking this box)
  • Education Info - Only Friends
  • Work Info - Only Friends
* Be sure to set your Photo Album Privacy Settings to Only Friends. The default that Facebook sets is Everyone. Lock this down!

Privacy Settings - Profile|Contact Information
The following are the suggested settings that Facebook provides you.
  • IM Screen Name - Only Friends
  • Mobile Phone - Only Friends*
  • Other Phone - Only Friends*
  • Current Address - Only Friends*
  • Website - Only Friends
  • Email Address - Only Friends
* If you are adding these items to your profile, do you really want to share this much information with everyone on your friends list? Make sure you know all who are on your friends list. Maybe you should review it periodically and delete folks you don't have contact with. This is probably more important for kids, and young adults. I've seen some kids having over 500 friends on their list and they really need to delete those who they have no contact with.

Privacy Settings - Search
The following are the suggested settings that Facebook provides you.
  • Search Discovery Section - Search Visibility should be set to everyone or you've defeated the purpose of social networking. Unless you don't want to be found.
  • Search Result Content Section - The default setting that Facebook uses in this section is, of course, everything. Only check:
    • My profile picture (Think about this one....you may want to uncheck this one too.)
    • A link to add me as a Friend
    • A link to send me a message
  • Public Search Listing Section - It is advised you uncheck this box. If checked, this allows anyone to search for your profile with a search engine like Google. This is a biggie. Unchecking it will prevent people and data aggregators from finding out you have a presence on Facebook.

Privacy Settings - News Feed and Wall|Actions within Facebook
The following are the suggested settings that Facebook provides you.

Actions visible to friends - You may want to check the following:
  • Comment on a Photo or Album
  • Comment on a Video
  • Comment on a Posted Item
  • Post on a Discussion Board
If for personal reasons, you don't want to announce to everyone what your relationship status is, make sure you uncheck this box.

If you want to suppress Recent Activity that appears on your wall, you can uncheck all the boxes provided by Facebook.

Privacy Settings - News Feed and Wall|Facebook Ads
The following section is where you have the option to opt out of ads on Facebook and Third Party Applications.
  • Ads shown by third party applications - No One
  • Ads shown by Facebook - No One

Privacy Settings - Applications|Settings
This section allows you to select what information can be shared by applications.
  • You need to uncheck all boxes. Direct from the Facebook page: "When a friend of yours allows an application to access their information, that application may also access any information about you that your friend can already see."
  • Under Facebook Connect Applications and Beacon Websites, check both these boxes.

Profile Information
When filling out your profile, think twice on what information you will be sharing with all friends in your network. Here are some things to think about.
  • Don't show your full DOB. Facebook allows you to only show month and day. Why not show it all? Your DOB is used as a piece of information to verify your identity. You may want to actually lie about your DOB as a whole. You have to make that decision based on this information.
  • USE EXTREME CAUTION WHEN SHARING YOUR CONTACT INFORMATION. Like your phone number, address, and work information. Your privacy is important and you should take precautions.
  • Watch what pictures you post. Those party pictures of you drunk were cool, but think about what would happen if these pictures made it out to the entire Internet. You need to remember that your friends can still copy any picture you share and save it outside of Facebook. Then you've lost control of it forever. THINK, THINK, THINK!!
  • Fabulous advice on posting any information about your current employer. Don't do it.
Remember to treat all pictures and profile information that you post, even if you mark it as private, as if it were public information. Sometimes even Facebook can have vulnerabilities that allow someone you don't want to have access to possibly get a hold of embarrassing pictures or information you post.

Be careful out there and stay safe.


Tuesday, July 28, 2009

Heading to Las Vegas and DefCon

In a couple of days I'll be off to DefCon 17 in Las Vegas, NV. If you aren't sure what DefCon is, it's a hacker conference. I attended my first DefCon in 2007. Got hooked, and I'll try and hit every one in the future. This year appears to be chock-full of fabulous talks. Since it is Black Hat/DefCon time (both events held in Vegas), there will be a ton of news coming out this week. I'll try and have one more post before I head out.

Here is a reminder to all my friends who use the Windows operating system: today Microsoft will be releasing an out-of-band patch, which means it is not the normal second-Tuesday Patch Tuesday patch. MS releases patches on the second Tuesday of every month. Only when a serious security issue arises do they have these out-of-band patches. So, make sure your Windows box gets its updates tonight when you get home.

Take care and stay safe. Have a fabulous Tuesday.

Friday, July 24, 2009

Microsoft to Issue Out-of-Band Patch

Microsoft has announced that next Tuesday they will be coming out with an out-of-band patch (next week, 072909). If you don't have updates downloaded automatically, you may want to start checking for updates on Tuesday after you get home from work.

This will be only the third time that Microsoft has issued an out-of-band security patch in the past 25 months. This of course is due to the seriousness of the vulnerability that is currently being exploited by the bad guys out there in the Internet world. If you aren't familiar with Microsoft's schedule, they regularly schedule patches to be released on the second Tuesday of each month. This allows businesses to react and prepare for their release.

Stay safe out there and have a fabulous weekend!!

Wednesday, July 22, 2009

Promise of Erin Andrews Video Leads to Malware

If you don't know who Erin Andrews is, she is a reporter for ESPN. She is very attractive and she has been captured in a video in the nude, and the video has been posted on the Internet. Erin and her lawyer have promised to sue whoever may be distributing the video so it isn't easy to find.

However, the cyber criminals know that men will be men and they have put up fake sites that purportedly host the infamous video of Erin Andrews. And it doesn't matter if you are surfing on a Mac or a Windows PC, you will be owned if you try and visit these sites. You won't get to see the video, and on top of that, you have malicious software downloaded to your PC. So my advice to all men out there: don't go looking. How the attack is done is like a broken record. You click, and a fake video player is supposedly needed to view the video of Andrews naked.

So stay safe out there. Your behavior on the Internet has a lot to do with if you run into the nasty stuff the cyber criminals are offering. Play it smart. Don't go looking for the Erin Andrews video. If you do, you probably won't get what you are looking for. Happy Hump Day and take care.

Sunday, July 19, 2009

Firefox 3.5.1 Has Serious Vulnerability

Well, Friday, the Firefox browser came out with a patch for a vulnerability that was announced last Monday. OK, I thought cool. They patch fast. Well, I mean the next day, it was announced that the newly released version of the Firefox browser has a serious vulnerability.

The Internet Storm Center has a write up on this you can read. Click here to read that post in the ISC Diary.

Hope your weekend was fabulous. Monday is just around the corner. Be on the watch for a patch for the Firefox browser soon. I'll let you know. Stay safe.

Friday, July 17, 2009

Another Reason to use Firefox Browser

Last week and this week, Microsoft has had two pretty serious 0-day vulnerabilities that allowed an attacker to get the ability to run code on the target PC. Now with Patch Tuesday being this week, Microsoft was able to correct the DirectShow issue on Tuesday. However, the new one that I wrote about in the previous post was not corrected. One wonders how long it will be before a patch is in place.

Now, proof there is another reason you really should be using the Firefox browser as your primary browser. Early this week, it was announced that Firefox had a serious 0-day. I have stated in the past, there really isn't a browser out there that doesn't have problems with security vulnerabilities. However, the key is how quickly they get patched. The window of opportunity for bad guys to take advantage of 0-day vulnerabilities in Firefox is just smaller. Today, if you are a Firefox user, make sure you get the update 3.5.1 that will correct the current problem.

If you don't use Firefox, try it. It is free and has some great add-ons that you can use to protect yourself more. I personally use NoScript, which I recommend you do too.

OK, have a fabulous Friday and stay safe out there.

Monday, July 13, 2009

Microsoft Announces ANOTHER 0-Day

OK, the last post was an article on a 0-day vulnerability in the DirectShow ActiveX control. I pointed you to a work-around until they patch the problem. Sounds like they will be patching it tomorrow (Patch Tuesday). On the heels of that announcement, Microsoft says there is another 0-day in their Office products. It works the same. Bad guys will compromise sites that re-direct you to their malicious site. If they can get you there, your PC will be compromised. Really bad stuff.

The Internet Storm Center has a great write up here on this problem and also gives a link for you to "Fix It" which is similar to the work-around for last week. If you use Internet Explorer you will really want to visit the ISC link and click on the "Fix It" link. Another work-around is to use an alternative browser like Firefox. I recommend it.

Stay safe, and have a fabulous week. Happy Patch Tuesday for all you Microsoft users!