How to stay safe online!


Advice and tips for using social media safely


https://www.youtube.com/watch?v=F7pYHN9iC9I
It’s not really magic, it’s all online
Image from: http://blog.whitehatsec.com/introducing-the-i-know-series/

Identity Theft

Physical Theft/Burglaries

Sexual Predators and Stalkers

Spam and Malware

Reputation and Employment

Privacy settings

Over Sharing

Location based data/GPS tagging

“Free” online services make their money by
selling you to third parties
◦ Because of this, default privacy settings are
almost completely open


You should limit your profile to only be able
to be viewed by friends
Facebook has ~170+ privacy settings,
scattered throughout several pages



Anytime that you install an app, it asks you to
allow it a multitude of different permissions
Even if you lock your profile down, you can
still be making everything freely available to
apps
A great example of this is at
http://www.takethislollipop.com



The idea of a social network is to gather
friends, just make sure that you only accept
requests from people you actually know
Accepting unknown people as friends is
giving your information away just like
granting apps permission
Once they have your information they can
target you in spear-phishing emails and other
forms of spam



We constantly preach about not using the
same password on multiple sites, but using
the same user name can be just as bad
Programs like LastPass and KeePass can store
your information for you in a central location
Remember the HBGary Federal hack last
year?
◦ The CEO used the same user name and password
across multiple systems


It sounds silly, but don’t take a picture of
your credit card and post it online
https://twitter.com/needadebitcard
◦ Was created to “shame” people who did just that

Remember, if it sounds too good to be true, it
most likely is

What are some good ways to effectively
manage privacy settings?




There are apps out there that can help!
You do, however, need to be careful about
what apps you choose, so you don’t fall into
what we’ve already talked about
Either verify that the author/creator of the
app is a trustworthy source, or just do a
Google search for reviews
If you can’t find anything easily, it’s likely not
a good program



PrivacyFix installs as an app in your web
browser (Firefox and Chrome). It then scans
your privacy settings in Facebook and also in
your Google account if you’re logged in to
them
It provides you easy ways to “fix” open
privacy settings, but does it in a way to teach
you
http://privacyfix.com



Is an app in Facebook, created by F-Secure
Scans links in your private messages, and on
your wall
Allows you to scan links for safety before you
post them on your wall
Don’t invite them in

Can anyone give an example of why tagging
photos with GPS location data is a bad idea?



Don’t post dates of when you are leaving and
coming back from vacation.
Wait until after you get back to post pictures
Turn GPS tagging off on your pictures so
people can’t find out as easily where you live
◦ http://weknowyourhouse.com/
◦ https://twitter.com/WeKnowYourHouse

Don’t post things about your house that
might make it vulnerable

This could never happen to me! Right?
http://www.cosmopolitan.com/advice/tips/burglaries-because-of-facebook
http://www.kcrg.com/news/local/Police-FacebookPhotos-Could-Lead-to-Break-Ins-160333525.html
http://thetimes-tribune.com/news/jessup-police-investigate-break-instied-to-facebook-1.917832



Anyone can pretend to be anything online
Don’t accept friend requests from people you
don’t know
Turn off GPS tagging on your posts/photo
uploads
◦ If someone is following you, you could be telling
them exactly where you are!
Be careful what you click



Malware is being created with the end user as
the vulnerability instead of a flaw in software
Don’t click on links sent from people you
don’t know
Be wary even of links sent from
“friends”; their accounts could have been
compromised
◦ A common tactic is to send a link with a caption
saying that the video is related to something currently
going on in the world or related to you (e.g.
“Footage of Bin Laden Kill” or “you even see him
taping you, that’s awful”)


Does your number fall between (000)000-0000 and
(999)999-9999?
A vulnerability was found in Facebook, just
last week, that allowed anyone to search for a
number and connect it to a name
◦ Facebook fixed this vulnerability; however, their “fix”
was to limit the number of searches that an IP
address could do in a specified amount of time

If your telemarketer phone calls start to pick
up, you might know the reason why now



Another recent trend is to receive a phone
call and be greeted with “I am calling you from
Windows!”
They try to convince you that your computer
has errors and viruses and you need to
download their software and pay them money
to fix it
The software is a backdoor giving them direct
access to all of your files, and some people
have paid upwards of $500 for their “fix”


Certain apps will ask you for permission to do
all sorts of stuff, even send messages on your
behalf
While possibly unintentional, they can still
have the effect of spamming your friends
◦ A Happy Birthday app is one of the more common examples of
this: it automatically sends all of your friends a
private message with birthday wishes

There are several websites that show what
malicious websites are capable of extracting from
your web browser
◦ …what websites you’ve visited
◦ …who is on your Gmail contact list
◦ …what Firefox addons are installed
◦ …what you’ve previously watched on YouTube
◦ …what sites you are logged in to
◦ They can steal a browser’s auto-complete data
◦ They can even activate a computer’s camera and microphone
This is a great write-up on all of the facets:
◦ http://blog.whitehatsec.com/introducing-the-i-know-series/
Your current and future jobs
might depend on it

What are some good examples of
oversharing?

This is a short list of things you should not share:
◦ Full Name (especially your middle name)
◦ Your birth date
◦ Hometown
◦ Phone numbers
◦ Relationship status
◦ Your school name/location/graduation dates
◦ Pet names
These are answers to some of the most
commonly asked “forgot password” questions,
and with this information anyone could reset
your password


You might be surprised what you find
Facebook has a privacy setting that by
default makes your profile searchable
◦ This is one of the settings PrivacyFix helps you find

Don’t post it on Facebook!
Would you want to post that you’re hungover,
taking drugs, or what your brand new phone
number is?

Sadly, these people all do

◦ http://weknowwhatyouredoing.com/


Visit http://staysafeonline.org/stay-safeonline/
There are great, short, educational videos and
topics ranging from how to protect yourself
at home and at work, and also how to make
sure your kids are safe online