

Shared Security Podcast
Tom Eston, Scott Wright, Kevin Tackett
Shared Security is the longest-running cybersecurity and privacy podcast where industry veterans Tom Eston, Scott Wright, and Kevin Tackett break down the week’s security WTF moments, privacy fails, human mistakes, and “why is this still a problem?” stories — with humor, honesty, and hard-earned real-world experience. Whether you’re a security pro, a privacy advocate, or just here to hear Kevin yell about vendor nonsense, this podcast delivers insights you’ll actually use — and laughs you probably need. Real security talk from people who’ve lived it.
Episodes

Apr 1, 2010 • 32min
Social Media Security Podcast 12 – New Facebook Privacy Changes, Social Gaming Threats, Social Media in the Workplace
This is the 12th episode of the Social Media Security Podcast recorded March 28, 2010. This episode was hosted by Tom Eston and Scott Wright. Below are the show notes, links to articles and news mentioned in the podcast:
Facebook is about to implement a new Facebook Privacy Policy and Statement of Rights and Responsibilities. We put together a blog post of some must read articles on the topic.
Rumor is that Facebook is going to use QR Codes as part of their Geolocation strategy (mentioned by Tom).
Joan Goodchild from CSO Online interviewed Tom and Scott for an article titled: 10 Security Reasons to Quit Facebook (and one reason to stay on).
Fake Zynga Toolbars Will Steal Your Facebook Password. Watch out for those “autoplayer” scripts as well, some could be laced with evil code…
The Majority of US, European users (still) click on Spam.
Scott’s blog post: Security pros use layered techniques, but so do attackers. How do you address employees using social media sites at work? Blocking access isn’t always the best solution.
Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below. You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode. You can also subscribe to the podcast in iTunes. Thanks for listening!

Mar 20, 2010 • 20min
Social Media Security Podcast 11 – Google Buzz, Geostalking, Twitter’s Phishing Filter
This is the 11th episode of the Social Media Security Podcast recorded March 15, 2010. Sorry for the delay on releasing this! We should be back on our biweekly schedule soon. This episode was hosted by Tom Eston and Scott Wright. Below are the show notes, links to articles and news mentioned in the podcast:
Buzz Opens Privacy Pandora’s Box for Google
How to turn off Google Buzz, or just close some of its privacy loopholes
Twitter to block malicious links. We think this is a good thing! Hoping Twitter rolls this out to the entire service soon.
The dark side of geo: PleaseRobMe.com. Gowalla adds a new twist to location based social networking.
Tom and Scott discuss some of the privacy and security issues with Geolocation services.
Geostalking shows the privacy issues with location based social networks. You might be setting yourself up for a prank call.

Feb 13, 2010 • 33min
Social Media Security Podcast 10 – Shmoocon, Geo-Location, Social Media Policies, CyberStalking
This is the 10th episode of the Social Media Security Podcast recorded February 8, 2010. This episode was hosted by Tom Eston and Scott Wright. Below are the show notes, links to articles and news mentioned in the podcast:
Shmoocon was great! Be sure to check out the two talks about social media: Social Zombies II: Your Friends Need More Brains (video, slide deck, Facebook Application Autopwn Demo, Robin’s KreiosCS w/LinkedIn demo) and Nathan Hamiel’s talk Exposed | More: Attacking the Extended Web. Download the slide deck here.
CDC Social Media Policies
Facebook celebrates 400 million users by rolling out new redesign. Any new security issues?
Hackers use Geolocation, Automation to target social networking sites
Tom talks about some of the security and privacy issues regarding sites like Blippy and FourSquare. CyberStalking anyone?

Jan 30, 2010 • 42min
Social Media Security Podcast 9 – Defensio, Blippy.com, Relationships and Social Media
This is the 9th episode of the Social Media Security Podcast recorded January 26, 2010. This episode was hosted by Tom Eston and Scott Wright. Below are the show notes, links to articles and news mentioned in the podcast:
Tom and Kevin will be speaking with Robin Wood at Shmoocon Saturday, February 6th at 11am. “Social Zombies II: Your Friends Need More Brains”.
Facebook Partners With McAfee for Anti-Virus. Does this change anything?
Websense Defensio 2.0. Websense offers a Facebook application to protect users from malicious content in their profiles. How does it work and does it help?
Blippy.com – How far will information sharing sites go? Blippy allows you to automatically share your credit card transactions as you make them. This includes the place you made the purchase, the amount, and in some cases, the item. No really, it’s true.
Breaking up and Social Media – What happens when a relationship ends and you share a multitude of social media sites with your ex? Can you “de-friend” your ex’s whole network? What about custody of photo archives?

Jan 12, 2010 • 43min
Social Media Security Podcast 8 – Would You Commit Social Media Suicide?
This is the 8th episode of the Social Media Security Podcast recorded January 8, 2010. This episode was hosted by Tom Eston, Kevin Johnson and Scott Wright. Below are the show notes, links to articles and news mentioned in the podcast:
Backupify.com – A solution for backing up all your social media site content. Check out theharmonyguy’s manual method for Facebook.
Commit virtual social media suicide! This service will remove your social network profiles, change your profile picture and password so you can never use the account again. Facebook is currently blocking the service as they say it’s a violation of their ToS.
Clearing up questions about what Facebook Applications can access in your profile
** An application has access to your PAI and anything visible to “Everyone” as soon as you stop by – no authorization necessary.
“When you visit a Facebook-enhanced application or website, it may access any information you have made visible to Everyone (Edit Profile Privacy) as well as your publicly available information. This includes your Name, Profile Picture, Gender, Current City, Networks, Friend List, and Pages. The application will request your permission to access any additional information it needs”
10 Basic Concepts of Facebook Privacy
Facebook Groups that add non-existent “features”. You may want to check out our group! Send it to your friends!
Who is @robinsage on Twitter? Drawing the line with fake accounts, how far is too far?
Import Facebook emails to find out real pictures and profile information, new spamming technique.

Dec 23, 2009 • 36min
Social Media Security Podcast 7 – New Facebook Privacy Settings, Twitter Lists, FTC and Bloggers
This is the 7th episode of the Social Media Security Podcast recorded December 21, 2009. This episode was hosted by Scott Wright and Tom Eston. Below are the show notes, links to articles and news mentioned in the podcast:
Tom and Scott talk about the new Facebook privacy settings. Tom released an updated Facebook Privacy & Security Guide as well as a video walkthrough.
Tom talks about a workaround by theharmonyguy to easily view hidden Facebook photo albums. This does not circumvent Facebook privacy settings; it just “unhides” photo albums set to “Everyone”.
Mark Zuckerberg’s pictures exposed by Facebook privacy roll-back
Did you know that your Facebook events can be viewed via the API as well?
Scott’s Security Views Post on theharmonyguy’s battle with Facebook around security assurance for the Facebook platform.
What are Twitter lists and are there any security concerns with them?
Scott talks about the recent FTC Endorsement and Testimonial Guidelines for Bloggers, Podcasters and Other Social Media Publishers.

Dec 9, 2009 • 37min
Social Media Security Podcast 6 – Privacy, Photo Tagging, Facebook Police, What is Clickjacking
This is the 6th episode of the Social Media Security Podcast recorded December 3, 2009. This episode was hosted by Tom Eston and Kevin Johnson. Scott Wright joins in as “god” during post-edit. Below are the show notes, links to articles and news mentioned in the podcast:
New privacy settings in Facebook are rolling out, regional networks are being removed. Be sure to check out the comments under Mark Zuckerberg’s blog post…all spam!
Is Facebook photo tagging still a big fail?
Scott clarifies this for us. The solution to this is to adjust your privacy settings to allow only you to see tagged photos of yourself and ensure email alerting is on to alert you when a new photo of you is tagged. That way you can easily remove any tagged photo of you. There is also no way to “prevent” a photo of you being tagged. However, to tag someone they need to be in your friends list. How about false tagging? Someone tagging you in a naughty picture…reputation issue? What if you don’t have a Facebook account and friends make comments regardless?
Police create fake Facebook account to bust a college student for underage drinking. Did the police go too far, or is this acceptable practice in this day and age?
Kevin talks about Clickjacking. What is it and what do users of social networks need to be aware of?

Nov 24, 2009 • 41min
Social Media Security Podcast 5 – Google Reader, Privacy, Wave, ChromeOS and Foursquare
This is the 5th episode of the Social Media Security Podcast recorded November 20, 2009. This episode was hosted by Scott Wright and Tom Eston. Kevin Johnson will be joining us for the next podcast. Below are the show notes, links to articles and news mentioned in the podcast:
Tom gives an overview of the OWASP AppSec DC conference.
Koobface now using Google Reader for links. Very good paper on how Koobface works.
Google Launches Privacy Dashboard.
Google Wave Gadget to Make Your Friends Logout.
Google’s ChromeOS. What is it and how does this relate to social media use?
Foursquare. What is it and are there any security/privacy concerns? Search Twitter for others using Foursquare. Import your contacts, social network friends. The Google contact import method is not secure (screenshot).

Nov 7, 2009 • 54min
Social Media Security Podcast 4 – Death by Twitter, Open Source Intelligence, Policies, Google Wave
This is the 4th episode of the Social Media Security Podcast recorded November 6, 2009. This episode was hosted by Scott Wright, Tom Eston and Kevin Johnson. Below are the show notes, links to articles and news mentioned in the podcast:
More scams on Twitter, including the recent IQ quiz attack. Disinformation on social networks…the “someone died” example…are you sure they are really dead?
Tom talks about his Open Source Intelligence Gathering talk that he recently gave. How do you find information posted about your company on social networks and why should you look? Now is probably a good time for your company to create a social media strategy and then develop an Internet postings policy around this strategy.
Cisco has a great Internet posting policy to reference when creating one for your company.
Scott talks about creating a postings policy for your company. Here is a link to the Forrester book titled “Groundswell” that talks about creating a social media strategy.
Kevin talks about Google Wave. What is it and why would we want to use this? What are some of the security issues with Google Wave? Check out the great research that theharmonyguy has been doing on Google Wave.
Developers! Please start coding securely from the beginning of the project! ktksbai.
Be sure to follow us on Twitter to stay up-to-date on all the latest news in the world of social media security!

Oct 25, 2009 • 55min
Social Media Security Podcast 3 – Phishing and Koobface, What is CSRF, Protected Tweets
This is the third episode of the Social Media Security Podcast recorded October 23, 2009. This episode was hosted by Scott Wright, Tom Eston and Kevin Johnson. Below are the show notes, links to articles and news mentioned in the podcast:
Tom and Scott talk about phishing on social networks. How can you tell the difference between a fake friend request and a real one? Here is a screenshot of a fake friend request and a real friend request. Just by looking at the email…it’s really hard to tell the difference, isn’t it? The only way you can tell the difference is to look at the URL the link is going to by looking at the message source (code and/or mail header info). We advise you to check your Facebook Inbox for legitimate friend requests; don’t click on friend request links in email.
Tom gives a primer on Koobface. What is the Koobface worm and how does it spread? If you want to learn more about Koobface check out this very good paper created by TrendMicro on how Koobface works.
Kevin gives a great non-technical overview of CSRF (Cross-site request forgery). Want to see a real CSRF attack demonstrating stealing private Facebook profile information? Check out this video and blog post. Here is the great talk by Jeremiah Grossman about exploiting business logic flaws that Tom mentioned.
Interested to know more about CSRF? Check out Security Now! Episode 166.
Are your protected tweets able to be searched by Google? Tom clarifies that this article was not true at all. However, there are some important things you need to know about protected tweets and why making your Twitter account private doesn’t buy you much.
Due to popular demand we are going to try recording the podcast bi-weekly!


