Shared Security Podcast

Tom Eston, Scott Wright, Kevin Tackett
Sep 27, 2009 • 58min

Social Media Security Podcast 2 – Month of Facebook Bugs, What is XSS, Canadian Privacy Ruling

This is the second episode of the Social Media Security Podcast, recorded September 25, 2009. This episode was hosted by Scott Wright, Tom Eston and our new co-host Kevin Johnson. Below are the show notes, links to articles and news mentioned in the podcast:

- Introducing our new co-host, Kevin Johnson. Kevin is a Senior Security Analyst for InGuardians and is also an instructor for the SANS Institute, teaching both SEC504: Hacker Techniques, Exploits, and Incident Handling and SEC542: Web App Penetration Testing and Ethical Hacking courses.
- Tom talks about the Month of Facebook Bugs (created by a security researcher called “theharmonyguy”), why this is important and how many vulnerable applications have been exploited and fixed so far. Here is the list of top Facebook applications that Tom mentioned in the podcast.
- Kevin gives a great non-technical overview of a web application vulnerability called Cross-site Scripting (XSS). Many of the Facebook applications we found in the “month of Facebook bugs” were vulnerable to XSS. Kevin describes what XSS is, how it works and how dangerous this vulnerability is to social networking applications like Facebook.
- Scott talks about the recent ruling regarding the Canadian Federal Privacy Commissioner vs. Facebook. This ruling in Canada has created wide-reaching changes to privacy and the way applications function within Facebook. Scott also included a brief interview with the Canadian Privacy Commissioner’s Office about this recent Facebook ruling.
- Tom has updated his Facebook Privacy & Security Guide. You can download the latest version here.

Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below. You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode. You can also subscribe to the podcast now in iTunes! Thanks for listening!
Aug 25, 2009 • 35min

Social Media Security Podcast 1 – Zombies, Bad Facebook Apps, Twitter SPAM

This is the first episode of the Social Media Security Podcast. This episode was hosted by Scott Wright and Tom Eston. Below are the show notes, links to articles and news mentioned in the podcast:

- How did socialmediasecurity.com get started? Want to help out? Join our mailing list!
- Weaponizing the Web: More Attacks on User Generated Content (good article on Nathan and Shawn’s talk)
- Aviv Raff’s Month of Twitter bugs, research on Facebook applications by theharmonyguy
- What are the Black Hat and DEFCON conferences? History of DEFCON, Black Hat and the security underground (ThreatPost interview with founder Jeff Moss)
- Twitter Botnet Found
- Want to know more about SPAM bots? Tom’s presentation at Notacon 6: Rise of the Autobots: Into the Underground of Social Network Bots (slidedeck)
- Tom and Kevin’s presentation at DEFCON 17 “Social Zombies: Your Friends Want to Eat Your Brains”
- KreiosC2: Command & Control PoC for Twitter
- Two more rogue Facebook apps linked to Fucabook scam
- Twitter Profile Image SPAM
- Staying clear of Twitter SPAM
- Private profiles on Twitter. Worth the effort?

Please send any show feedback to feedback[aT]socialmediasecurity.com or comment below. You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode. Thanks for listening! You can subscribe to the podcast now in iTunes!
