Shared Security Podcast

This is the 22nd episode of the Social Media Security Podcast recorded January 21, 2011.  This episode was hosted by Tom Eston and Scott Wright. Below are the show notes, links to articles and news mentioned in the podcast: Skype credit email as an apology – a new trend we can expect in 2011 from good guys and bad guys.  Screen shot mentioned in the podcast. Scott’s note: I searched for posts about this email before clicking on it, and it was actually legitimate. However, this would be a very compelling phishing attack for any organization that recently suffered a PR setback. Any time you get an unexpected email, even if it looks like the circumstances make sense, you need to check on its authenticity. And any organization issuing such an Email should also post an announcement of the campaign on their home page, and issue a press release to make it easy for people to verify the legitimacy of the email. Bruce Schneier’s taxonomy of social network personal data Facebook now tells you about people you know who have found friends using their Friend Finder Scott’s note: I always tell people never to enter their email address and password on sites that aren’t their email service. You don’t know what they will do with your password, or if it might be captured. It also exposes your friends to potentially unwanted email messages – e.g. spam. Facebook Lets Developers Ask a User for Their Address, Phone Number in the Graph API Twitter Worm Pushing Rogue Antivirus Scam Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below.  You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode.  You can also subscribe to the podcast in iTunes and follow us on Twitter.  Thanks for listening! The post Social Media Security Podcast 22 – Skype Email, Taxonomy of Socnet Data, Facebook Graph API appeared first on Shared Security Podcast.

This is the 20th episode of the Social Media Security Podcast recorded December 17th 2010.  This episode was hosted by Tom Eston and Scott Wright. Below are the show notes, links to articles and news mentioned in the podcast: Trolls who deface Facebook RIP pages of teens who have died Canadian Mounties LIKE Cookie Monster Audition for SNL Facebook becomes divorce lawyers’ new best friend Vulnerabilities in Facebook Apps (nothing new but still a problem) Gawker breach and implications.  Ryan Naraine had a good set of tips at Threatpost.com. Facebook Profile Changes: What You Should Know Zuckerburg man of the year? Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below.  You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode.  You can also subscribe to the podcast in iTunes and follow us on Twitter.  Thanks for listening! The post Social Media Security Podcast 21 – Facebook Trolls, Cookie Monster, Gawker Breach appeared first on Shared Security Podcast.

This is the 20th episode of the Social Media Security Podcast recorded November 5th 2010.  This episode was hosted by Tom Eston and Scott Wright. Below are the show notes, links to articles and news mentioned in the podcast: FireSheep – “Firefox plugin to pull active cookies from popular websites while using open wifi”. Facebook Responds to FireSheep Idiocy tool sends tweets on your behalf as a “Warning”. Get the tool here. How to defend against FireSheep? Manually use HTTPS for social media sites or use a VPN while connected to open wifi..don’t forget about mobile apps! Try the HTTPS Everywhere Plugin from the EFF or Force-TLS Plugin. Learn more about securing your Wifi at home. FireShepherd Aims to Protect Users. BlackSheep is another one… White House Forms Privacy and Internet Policy Subcommittee Ottawa man busted through Facebook after stealing rare Wayne Gretzky jersey What NOT To Post On Facebook: 13 Things You Shouldn’t Tell Your Facebook Friends Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below.  You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode.  You can also subscribe to the podcast in iTunes and follow us on Twitter.  Thanks for listening! The post Social Media Security Podcast 20 – FireSheep, Privacy in the US, What NOT To Post On Facebook appeared first on Shared Security Podcast.

This is the 19th episode of the Social Media Security Podcast recorded October 8, 2010.  This episode was hosted by Tom Eston and Scott Wright. Below are the show notes, links to articles and news mentioned in the podcast: Social Media Security Awareness Month – at SecureState! Two new white paper’s released: Security Gaps in Social Media Websites for Children Open Door to Attackers Aiming To Prey On Children by Scott White. Profiling User Passwords on Social Networks by Tom Eston SocialScan service and social media consulting available. Panda Security Publishes Findings from First Annual Social Media Risk Index for SMBs Survey: Fear of data loss, security risks via social media sites on the upswing Facebook Competitor Diaspora Hit With Security Criticisms New changes to Facebook.  What you need to know: New groups (tag people just like places).  Ability to download all of your data to a zip file. Dashboard for more granular control of applications. New one time password feature and session controls Facebook Groups: Privacy Blunder or Twitter Replacement? Don’t Get Duped by LinkedIn Spam Scam Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below.  You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode.  You can also subscribe to the podcast in iTunes and follow us on Twitter.  Thanks for listening! The post Social Media Security Podcast 19 – New Changes to Facebook, Social Media Risk Survey, LinkedIn Scams appeared first on Shared Security Podcast.

This is the 18th episode of the Social Media Security Podcast recorded September 3, 2010.  This episode was hosted by Tom Eston and Scott Wright and is our 1 year anniversary episode!  Thanks to everyone that has supported the podcast over the last year…we really appreciate it!  Below are the show notes, links to articles and news mentioned in the podcast: Scary new way to use Facebook with RFID.  Is the physical world starting to merge with social media? MySpace updates its privacy settings Hacking your location with Facebook Places Privacy Settings for Facebook Places How to get hacked on Facebook (Koobface chat messages) Facebook spam infinitely more effective than email spam Facebook’s remote log-out security feature: Should you care? Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below.  You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode.  You can also subscribe to the podcast in iTunes and follow us on Twitter.  Thanks for listening! The post Social Media Security Podcast 18 – RFID and Facebook, Hacking Facebook Places, MySpace Privacy appeared first on Shared Security Podcast.

This is the 17th episode of the Social Media Security Podcast recorded August 13th, 2010.  This episode was hosted by Tom Eston and Scott Wright.  Below are the show notes, links to articles and news mentioned in the podcast: Researchers Show How Twitter, Twitpic Make Stalking Simple.  Check out ICanStalkU.com! Robin Sage revealed at BlackHat USA. Why QR Codes Are Poised to Hit the Mainstream.  Check out our QR Code.  This one is safe! Download 171 million Facebook names via Torrent.  Here is an update from Ron. Acunetix releases video and technical article about an exploitable XSS on facebook.com Facebook name extraction Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below.  You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode.  You can also subscribe to the podcast in iTunes and follow us on Twitter.  Thanks for listening! The post Social Media Security Podcast 17 – ICanStalkU, QR Codes, Facebook directory via Torrent, LinkedIn CAPTCHA’s appeared first on Shared Security Podcast.

This is the 16th episode of the Social Media Security Podcast recorded July 2, 2010.  This episode was hosted by Tom Eston and Scott Wright.  Below are the show notes, links to articles and news mentioned in the podcast: Quick update on Diaspora (pronounced Di-as-para).  Here is a video update as well. FTC nails Twitter for deceiving users about privacy and security HTTPS Everywhere Firefox extension from the EFF Persistent XSS on Twitter.com Interesting New Twitter Phish Can Lead to Bad Places Facebook Rolls Out Simplified Application Permissions System Facebook Phonebook Is Not A Security Threat NTIA (National Telecommunications and Information Administration) has received the report of the Online Safety and Technology Working Group (OSTWG) “Youth Safety on a Living Internet” (2.42 MB PDF file) Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below.  You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode.  You can also subscribe to the podcast in iTunes. Thanks for listening! The post Social Media Security Podcast 16 – Diaspora News, FTC and Twitter, Twitter XSS, Facebook App Permissions appeared first on Shared Security Podcast.

This is the 15th episode of the Social Media Security Podcast recorded June 11th, 2010.  This episode was hosted by Tom Eston and Scott Wright.  Below are the show notes, links to articles and news mentioned in the podcast: Our Facebook Privacy & Security Guide has been updated to v2.2.  We are working on the LinkedIn Privacy & Security Guide! How to permanently delete your Facebook account Quit Facebook Day – May 31st was it successful? Facebook Leaks Usernames, User IDs, and Personal Details to Advertisers Facebook Fixing Embarrassing Privacy Bug (CSRF). Video here. Facebook “likejacking” targets World Cup, BP, Shrek, UFC, … ReclaimPrivacy.org – Facebook Privacy Scanner Facebook firehose comes to Bing Formspring.me XSS flaw MySpace Announces New Privacy Controls Social media pose the latest challenge in separating work from personal spaces Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below.  You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode.  You can also subscribe to the podcast in iTunes. Thanks for listening! The post Social Media Security Podcast 15 – Current Facebook Security Issues, New Privacy Tools, Likejacking, Formspring, Social Media at Work appeared first on Shared Security Podcast.

This is the 14th episode of the Social Media Security Podcast recorded May 14th, 2010.  This episode was hosted by Tom Eston and Scott Wright.  Below are the show notes, links to articles and news mentioned in the podcast: Yelp Security Hole Puts Facebook User Data At Risk, Underscores Problems With Instant Personalization (two XSS holes in a few days discovered) Want to know what Cross-Site Scripting (XSS) is and how it works at a basic level? Check out Episode 2 of our podcast. Facebook Leaks IP Addresses via Email Facebook is dying, social is not.  Is Facebook overplaying your hand? Diaspora “The Open Source Anti-Facebook” raised $133,182 (close to 4,000 supporters!) Dispite all this…Facebook Rolls out New Security Features What does Facebook publish about you and your friends? Searching the OpenGraph. I Can Stalk U – Raising awareness about inadvertent information sharing Swipely aims to take over where Blippy left off Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below.  You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode.  You can also subscribe to the podcast in iTunes. Thanks for listening! The post Social Media Security Podcast 14 – Recent Facebook Hacks and Controversy, Diaspora, Swipely appeared first on Shared Security Podcast.

This is the 13th episode of the Social Media Security Podcast recorded April 30, 2010.  This episode was hosted by Tom Eston and Scott Wright.  Below are the show notes, links to articles and news mentioned in the podcast: New Facebook Changes – Social Graph, Social Plugins and Instant Personalization.  Here are two articles to read on the new changes. Want to know more about the new Graph API? Read Facebook’s documentation. Tom updated his Facebook Privacy & Security Guide to version 2.1.  This update includes all the latest changes to Facebook.  Download and share with friends and family! Opps. Blippy Users’ Credit Card Numbers Exposed in Google Search Results. Does it really matter? They just got more funding! 1.5 million stolen Facebook IDs up for sale Twitter to remove Basic Authentication for Apps.  Only OAuth allowed now. That’s a good thing! Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below.  You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode.  You can also subscribe to the podcast in iTunes. Thanks for listening! The post Social Media Security Podcast 13 – Details on the recent changes to Facebook, Blippy CC issue, Bye bye Basic Auth appeared first on Shared Security Podcast.