By John W. Pirc, Author, CEH, IAM, SANS STL, Sr. Product Line Management, Global Network Security Products
Happy Holidays! As we are quickly approaching the holidays, a lot of security vendors are giving their warnings about online fraud, spam and suspicious shortened URLs, to name a few, and I would encourage you to read them. Cyber security is a 365x24x7 problem or job depending on how you look at it. However, during peak periods such as holidays, the nefarious cyber actor has a lot more levers to social engineer you into clicking on a link that might bring some unwanted gifts on your smart phone, smart pad or laptop. I think a lot of great articles have been or will be published in the coming days that will cover a lot of that in detail from various security vendors and thought leaders around the world.
Privacy and social networking
What I want to talk to you about is privacy—and more specifically, the privacy risks associated with social networking applications and Facebook. I have to say Facebook has done a tremendous job in giving us the ability to lock down privacy settings. However, in order for some of us to utilize certain applications within Facebook, we have no choice but to give away our personal information and limited control of our Facebook account. There are many examples I can cite but since it’s the holiday season, I’m going to pick on “Holiday Card List” in figure 1.0. This is actually a great application to send out holiday cards. If you’re like me, holiday cards go out at the last minute but with the many applications within Facebook, we can check our online status and send out holiday cards at the same time... now that’s efficient.
Figure 1.0
However, this application has a laundry list of “Request for Permission” items in figure 1.2. This is a blanket “Allow” or “Don’t Allow” for information ranging from access to your profile to the ability to post on your behalf at any time of the day or night. It’s understandable that the application needs certain information to operate in order to send holiday cards but some of the information they are requesting, like accessing your data any time and posting to your Facebook as you, might make some feel uncomfortable and hit “Don’t Allow”. This example I’m giving you is very important as “Holiday Card List” is a legitimate application. I hear that on occasion some applications are not so legitimate and who knows where your information is going. I personally would like to see a “Request for Permission” with checkboxes so I can decide what I want to give certain applications access to... hint hint application developers out there.
Figure 1.2
The following example in figure 1.3 is not related to Holiday Card List but another application that is linked from Facebook. Quick survey, how many of you read the privacy policy or statements of a website or application? I can tell you, not many people take the time to read the privacy policy but hopefully the following information will encourage you to read the fine print.
Figure 1.3
The red highlights in figure 1.3 state the following: “In order to collect this data, company X may utilize automated tools and files such as "cookies" or utilize location information. These automated tools and files may reside on our servers or on your computer or device”. This information combined with the “Request for Permission” above in figure 1.2 might make you think twice in making a decision to join an application. This practice of dropping “super” cookies or location information beacons is becoming common and unfortunately you are granting access to applications without really understanding just how much information you are sharing with a Facebook application or other applications for that matter.
I know I covered a lot of information that really could be a chapter in the book that I’m currently writing. However, before I close, it’s important to realize that all the information I presented within this blog article revolves around risk as opposed to security vulnerabilities. A lot of our identities are now becoming part of the social Internet fabric. To some degree in order to play, we have to be willing to give up some control of our identity. I guess you can compare this to a transaction when you buy a service. Instead of giving money, you’re giving identity, connections and location away for monetary payment…right or wrong that is just my opinion but makes you wonder just how much your identity is worth.
Remember these 2 cyber security tips:
Again, I appreciate you taking time out of your day to read this and if you have any questions please don’t hesitate to ask! Enjoy the holidays and stay social and stay secure!