Archive for the ‘security’ Category

Create your Facebook and MySpace accounts before a hacker does it for you

August 9, 2008 2 comments

I’ve blogged before about the importance of managing your online identity. This week, hackers at the recent Black Hat conference in Las Vegas set out to prove how very important that can be.

At the event, some of hackers participated in an experiment where they created profiles on Facebook and MySpace for prominent individuals. They created Facebook and MySpace accounts for people who had none, and used data that was easily available online to create the phony profiles.  Then the hackers used the spoofed accounts to send invitations to others – to be their Facebook or MySpace friends.  Suprise – the invitations were quickly approved as friends by people who should have known better – some of them prominent security analysts.

So – what’s the moral to this story? Actually, there are many best practices that we all should consider.

1. If you had don’t have a Facebook or MySpace account – then you should set one up immediately. You should have one on both sites – if only to ensure that someone else does not set one up in your name to impersonate you.

2. Don’t include too much detail on your Facebook or MySpace accounts. Some people broadcast an incredible amount of detail about their personal life, including their home address, their cell phone and home phone numbers, and photos that may be a problem later – for example, if they ever need a security clearance. According to computer security specialist Shawn Moyer, “Don’t put anything there [on Facebook or MySpace] that you don’t consider public.” And what you put on your profile can easily be copied by other computers – so it exists long after you have deleted it, as you have no control over other’s server.

3. Don’t accept friend requests from someone that you don’t know. For example, as Esther Dyson states on her Facebook profile: “I don’t respond to friend requests that don’t have a personal message proving I’m not just another entry in someone’s address book. I’m just trying to uphold the Facebook credo that you should actually know your FB friends.”  She attributes the practice of being guarding one’s online security as “online grooming.”

4. Don’t install 3rd party applications for Facebook and MySpace just because a friend of yours has invited you to do so, warned computer security specialists Nathan Hamiel and Shawn Moyer, speaking from the Black Hat conference in Las Vegas. “People are going nuts adding applications they don’t need. . . People know if they go on a computer and download a program they could get a virus. . . They don’t have the same view of how dangerous that can be on a social networking site.”

Social networks really don’t care if you get pawned or not,” Hamiel said, using slang referring to a computer user being dominated and humiliated by hackers.  Manage your own online presence – and your online identity can be a boon, not a bust, to your career and your lifestyle.

And as a final note, I searched Facebook for Nathan Hamiel and Shawn Moyer – and could not find an account for either gentleman.