Shared Security Podcast


The Shared Security Podcast Episode 59 – Amazon Echo, Wifi Router Security, EFF Privacy Badger

This is the 59th episode of the Shared Security Podcast sponsored by Security Perspectives – Your Source for Tailored Security Awareness Training and Assessment Solutions. This episode was hosted by Tom Eston and Scott Wright and recorded January 11, 2017 (Happy New Year!). Below are the show notes, commentary, links to articles and news mentioned in the podcast:

Amazon Is Already Winning the Next Big Arms Race in Tech
If you haven’t heard this mentioned in the news (real news, not the fake news), Amazon’s Echo virtual assistant (Alexa) has been a hot-selling device this holiday season. Other recent announcements coming from the CES show in Las Vegas have shown that other manufacturers of lots of different products, from your “smart” refrigerator to your “Internet enabled” patio lights, are all able to be controlled through Amazon’s Echo. We’ve also heard about some very interesting privacy issues where the device can order things off of Amazon without you really knowing, and a host of other privacy related challenges. Tom recently purchased an Amazon Echo Dot to test…for science of course! In related news, did you know Google is recording your voice when you use its voice “search” service? Time to check this out for yourself and adjust those privacy settings if necessary.

Carnival Announces Wearable Medallion, a Device that will Transform Cruising
Hmmm…where have we seen this before? Remember Disney “Magic Bands”? The cruise industry is now implementing similar technology on its cruise ships. Is this any different than what Disney has done, and what are some of the privacy issues you should know about?

Popular Netgear wifi home router has critical flaw – Now patched
The media sounded the alarm about a “critical” flaw in the most popular wifi router sold on Amazon (Netgear Nighthawk Series). Unfortunately, many of these stories in the media said to stop using your router immediately. This was not really good advice, and the risk of being exploited by this vulnerability would be very rare. Scott and Tom discuss the ramifications of “alarmist” announcements over security vulnerabilities as well as what you should do if you have one of these routers in your home.

Federal Trade Commission comes down on DLINK for poor security
In a rather unprecedented announcement, the FTC in the United States recently issued a lawsuit against DLINK, who manufactures home wifi routers, for poor security practices. Will this become a trend? If it helps improve the security of these devices we’re all for it (within limits).

EFF’s Privacy Badger 2.0 browser plugin
Shout out to the EFF (Electronic Frontier Foundation) who recently released the next version of their Privacy Badger browser plugin. This plugin blocks ads and prevents known “trackers” from pulling information about you and your browsing habits. Here is a full description from the EFF website:

Privacy Badger is a browser add-on that stops advertisers and other third-party trackers from secretly tracking where you go and what pages you look at on the web. If an advertiser seems to be tracking you across multiple websites without your permission, Privacy Badger automatically blocks that advertiser from loading any more content in your browser. To the advertiser, it’s like you suddenly disappeared.

We highly recommend installing and using it to protect your privacy while using the Internet. You should also check out all the great tools and other projects that the EFF does to fight for your privacy on the Internet.

Please send any show feedback to feedback [aT] sharedsecurity.net or comment below. You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode. Be sure to visit our website, follow us on Twitter and like us on Facebook. Thanks for listening!
The post The Shared Security Podcast Episode 59 – Amazon Echo, Wifi Router Security, EFF Privacy Badger appeared first on Shared Security Podcast.

Jan 13, 2017 – 37 min

The Shared Security Podcast Episode 58 – Snapchat Spectacles, Mobile Number Privacy, PoisonTap

This is the 58th episode of the Shared Security Podcast sponsored by Security Perspectives – Your Source for Tailored Security Awareness Training and Assessment Solutions. This episode was hosted by Tom Eston and Scott Wright and recorded November 29, 2016. Below are the show notes, commentary, links to articles and news mentioned in the podcast:

Privacy Panic? Snapchat Spectacles raise eyebrows
Anyone remember Google Glass (which was a failed product, by the way)? This time Snapchat is releasing their own type of wearable tech called “Spectacles”. What are the privacy ramifications to be concerned about? Not much, and we’ll see if they take off with the younger generation. Oh, and don’t be a “Snap-Hole”!

A new app that lets users’ friends ‘virtually walk them home at night’ is exploding in popularity
We think this personal safety app is a great use of GPS and location sharing technology. Hopefully the “Companion” app catches on with college campuses, helping to make people feel more safe.

A 10-Digit Key Code to Your Private Life: Your Cellphone Number
We often think about securing information that we deem “private” like a SSN, but what about your mobile number? This article explores the privacy and security issues of how your mobile number can be used to find out personal details about you and link this information together. It can be a goldmine for advertisers as well as potential attackers!

Meet PoisonTap, the $5 tool that ransacks password-protected computers
PoisonTap is a device recently released by a security researcher that can be plugged into a “screen locked” computer to intercept web traffic and install backdoor malware. The device is cheap to make with a Raspberry Pi. We don’t think this is a huge threat, but businesses should review their desktop/laptop security procedures to ensure devices like these can’t be inserted (locked or unlocked).

What happens when bots start writing code instead of humans
Are we at the point where bots are going to be writing code and all of our security problems will just disappear? Not yet! This is an interesting article that Tom and Scott discuss about how new web and mobile applications are being developed without much “coding” involved. Essentially, with new development frameworks you really don’t need to know anything about computer programming. Of course, like anything, there are positives and negatives to this approach, but education is going to be the key or we’re going to have bots that are programmed by humans to write insecure code (just Tom’s unsupported theory).

Nov 30, 2016 – 28 min

The Shared Security Podcast Episode 57 – Dropbox and Yahoo Breach, IoT DDoS, LinkedIn Endorsements

This is the 57th episode of the Shared Security Podcast sponsored by Security Perspectives – Your Source for Tailored Security Awareness Training and Assessment Solutions. This episode was hosted by Tom Eston and Scott Wright and recorded October 5, 2016. Below are the show notes, commentary, links to articles and news mentioned in the podcast:

Hackers Stole Account Details for Over 60 Million Dropbox Users
Have a Dropbox account? Change your password immediately!

Yahoo: The Largest Password Breach in History (and what you should do about it if you use Yahoo services)
This is another breach that happened years ago but we’re just now finding out about it. This breach in particular is the largest ever: 500 million users! Scott and Tom discuss the ramifications of this breach and what you need to do if you use Yahoo services. Also interesting to note that Yahoo was just purchased by Verizon. It will be interesting to see how this acquisition plays out given the recent breach and negative publicity.

Record-breaking DDoS reportedly delivered by >145k hacked cameras
The largest DDoS (Distributed Denial of Service) attack has also taken place! (Many firsts and record-breaking security news this time around.) Scott and Tom discuss who was targeted and how thousands of hacked cameras were used in the attack.

Hackers can track your keystrokes through your Wi-Fi signal
While this headline may seem scary, Scott and Tom discuss why this new threat may not be such a threat after all (at least not right now).

L0phtCrack 7 Shows Windows Passwords Easier to Crack Now Than 20 Years Ago
Password cracking programs like L0phtCrack have not evolved much over the last 20 years because, unfortunately, not much has changed with password security (especially with Windows systems).

Those chip and PIN cards aren’t as secure as we thought
Chip and PIN is here in the USA! Is it secure? Like anything, everything is hackable. Scott and Tom discuss some new research that was presented at the DEF CON hacking conference that sheds new light on some interesting ways to compromise Chip and PIN. (You can read that as: it’s possible but difficult to pull off.)

Fun with LinkedIn Endorsements (a lesson on client side security)
Want to have fun with your LinkedIn contacts? Here’s a great story about how you can abuse LinkedIn’s “endorsement” feature (for fun, of course!).

Oct 19, 2016 – 33 min

The Shared Security Podcast Episode 56 – Chat Bots, Self-Driving Cars, Bitmoji Keyboards

This is the 56th episode of the Shared Security Podcast sponsored by Security Perspectives – Your Source for Tailored Security Awareness Training and Assessment Solutions. This episode was hosted by Tom Eston and Scott Wright and recorded August 17, 2016. Below are the show notes, commentary, links to articles and news mentioned in the podcast:

Bitmoji keyboard for Apple iOS devices wants “Allow Full Access”. How bad is this?
A word of caution for applications that either replace or allow access to your keyboard on your mobile device!

Over 90 per cent of ICS devices exposed to Internet are vulnerable
Some rather interesting statistics released by Kaspersky recently show that ICS (Industrial Control Systems) that happen to be exposed to the Internet are vulnerable. What does this mean for critical systems such as our power grid?

Tesla ‘self-driving’ mode linked to first traffic death in potential setback to autonomous cars
It was bound to happen eventually, but the first documented traffic death has happened due to the self-driving feature of the Tesla. Like all new technology that humans have used for transportation (i.e. spacecraft), many have problems early on, but over time this technology becomes safer to use (statistically speaking).

Facebook activates Safety Check after Orlando massacre
You may have seen a notification from Facebook pop up on your feed if you are geographically located near a disaster, offering new ways for you to “check in” with loved ones. This is a great new feature which should help improve communication with others when a disaster occurs.

Twitter’s ‘blue tick’ Available To The Masses
Twitter’s famous “blue tick” validation process is now available to the public. However, as co-host Tom Eston found out, you have to be a pretty well-known public figure and the process is still very subjective. I guess Tom isn’t famous enough to be validated by the Twitter gods as human.

A happy story about a kid’s smart watch that saved him from being kidnapped
We don’t hear a lot about new technology saving lives, but here’s one that helped save a kid from being kidnapped.

Scott and Tom discuss chat bots!
What are they and how have they evolved? What risks do they present? Chat bots could have been used in this recent crisis with Delta Airlines.

Aug 30, 2016 – 46 min

The Shared Security Podcast Episode 55 – IoT Horror Stories, Biometrics, Staying Safe Online

This is the 55th episode of the Shared Security Podcast sponsored by Security Perspectives – Your Source for Tailored Security Awareness Training and Assessment Solutions. This episode was hosted by Tom Eston and Scott Wright and recorded July 6, 2016. Below are the show notes, commentary, links to articles and news mentioned in the podcast:

If Mark Zuckerberg Can Be a Hacking Victim, So Can You
Getting hacked can happen to anyone. This is an interesting read about how a previous password breach that happened several years ago may come back to haunt you!

Cool geographic tweet map tool
This is an interesting tool to see tweets on a map via geolocation. You may be surprised what you find, so always be aware that you may be sharing your location with others while using Twitter.

Why you shouldn’t share links on Facebook
Tom and Scott discuss a privacy flaw with Facebook Messenger that many would consider a vulnerability, but it’s just how Facebook Messenger was designed. Be careful what links you share via Facebook Messenger!

Warning! CCTV Cameras Sold on Amazon Come with Pre-Installed Malware
There have been more IoT devices found pre-installed with malware on Amazon! Be sure to check the reviews and do your research before buying cheap cameras like this.

More IoT horror stories… this time security cams again
Short story about someone who bought and returned a security cam, then got notifications and could view the new owner’s live cam feed. This is a great example of poor hardware design.

Banks are moving to biometrics instead of passwords for authentication
Interesting read on how some large banks are starting to get away from passwords and using more of the biometrics built into your mobile phone.

So Hey You Should Stop Using Texts for Two-Factor Authentication
The way of doing two-factor authentication by SMS text message isn’t as secure as you might think!

Comparing how security experts and non-experts stay safe online
What type of advice to stay safe online do the non-experts have vs. the security experts? This is a fascinating read from the Google security team!

Conficker worm used in new medical device hacks
Conficker is back! This time infecting medical devices.

Jul 16, 2016 – 50 min

The Shared Security Podcast Episode 54 – Facebook Ad Privacy, Password Breaches, Random USBs

This is the 54th episode of the Shared Security Podcast sponsored by Security Perspectives – Your Source for Tailored Security Awareness Training and Assessment Solutions. This episode was hosted by Tom Eston and Scott Wright and recorded June 1, 2016. Below are the show notes, commentary, links to articles and news mentioned in the podcast:

How to see all the companies tracking you on Facebook — and block them
Have you ever wondered how all those companies can target you and your interests on Facebook? This is some of the best privacy advice for Facebook we’ve seen in a long time.

Cluster of “megabreaches” compromises a whopping 642 million passwords
There have been many password breaches in the news, and these recent ones actually happened years ago; we’re just now finding more information about the extent of the breaches. One suggestion we have to help combat situations like these is to periodically change your passwords. If you make this a habit you can prevent the possibility that someone may already have access to one of your accounts due to an undisclosed password breach. The same good password habits always apply as well: use a password manager and always choose complex and unique passwords for each account.

A Whole Lot of Nitwits Will Plug a Random USB Into Their Computer, Study Finds
It’s been some time since we’ve talked about how it’s common for people to find random USB drives and plug them into their computers to see what’s on them. This recent academic study talks about some interesting results and, as we’ve found out…not much has really changed over the years. If you’ve been following the podcast for a while, Scott Wright had done similar research during his Honeystick Project that you might find interesting and related to this new study.

Hacking into homes: ‘Smart home’ security flaws found in popular system
If you have purchased or are using Samsung’s SmartThings IoT platform you should give this article a read. This is another example of “Internet of Things” products that should not be used for security purposes because of the significant security issues.

Here’s What It Looks Like When A ‘Smart Toilet’ Gets Hacked
This is a funny video of a hacked “Smart Toilet”. Our professional opinion on this is that hacking toilets isn’t so funny if you’re the victim.

Jun 3, 2016 – 40 min

The Shared Security Podcast Episode 53 – The VPN Episode, AI Gone Bad, Google Nest

This is the 53rd episode of the Shared Security Podcast sponsored by Security Perspectives – Your Source for Tailored Security Awareness Training and Assessment Solutions. This episode was hosted by Tom Eston and Scott Wright and recorded May 4, 2016. Below are the show notes, commentary, links to articles and news mentioned in the podcast:

Scott and Tom talk about VPNs
What is a VPN and why would you want to use one? Also, Scott talks about a few recommendations for a personal VPN based on his experience using a few. Here is also a decent list of popular VPNs that you might find helpful.

EZCast vulnerability
Own an EZCast? Be sure to read about this recent vulnerability affecting these popular devices.

Barracuda firewalls aim to protect IoT
Firewall technology is now evolving to protect IoT devices. This one from Barracuda shows the power of this technology, as does the Eero Mesh Router.

Microsoft deletes ‘teen girl’ AI after it became a Hitler-loving sex robot within 24 hours
In other news…this is what can happen when AI is given to the general public to interact with. Hopefully this is a lesson for Microsoft and any other company that is developing AI for the future.

Google Nest disabling all Revolv devices illustrates the risks from buying “connected” devices that can be turned off at will by the owner of the service
This story is another great example of IoT risks when it comes to technology no longer supported.

May 16, 2016 – 36 min

The Shared Security Podcast Episode 52 – Creepy New Social Network, Phishing Dangers, Ransomware

This is the 52nd episode of the Shared Security Podcast sponsored by Security Perspectives – Your Source for Tailored Security Awareness Training and Assessment Solutions. This episode was hosted by Tom Eston and Scott Wright and was recorded March 9, 2016. Below are the show notes, commentary, links to articles and news mentioned in the podcast:

Unexpected implications arising from the Internet of Things
This was an interesting article about some of the “unexpected” security and privacy things that people don’t really think about. For example, what are the ramifications of IoT technology that might be hacked to create fake sensor and video data for criminal activity? What happens to the security budgets of organizations that need to address these new risks? It’s an interesting time to be in this space. -Tom

Peer-Seeking Webcam Reveals the Security Dangers of Internet Things
This is just one example, but like other new IoT related technology, data is being sent to multiple third parties and peer networks are being created, all without your knowledge. What makes this webcam interesting is that disabling the peer sharing capability doesn’t actually disable anything. How many other devices like this have the same issue? -Tom

Follower: the “creepiest social network” that follows you in real life
Just when you thought the traditional social networks we use were sometimes creepy, here comes “Follower”. Follower is a social network that allows you to have real people follow you around and take pictures of your activities, all without you knowing where your “follower” is. If you’re looking for a real-life stalker this might be the social network you’re looking for. -Tom

Payroll data leaked for current, former Snapchat employees
Two recent breaches highlight the need for more education about targeted phishing attacks. Both Snapchat and Seagate fell victim to a very similar phishing attack targeting payroll information. The attack was very simple and also very easy to spot if you know the signs of an attack like this. -Tom

The Cerber Ransomware not only Encrypts Your Data But Also Speaks to You
Ransomware has been around for a while, but now we’re starting to see the next evolution of this type of malware…where it talks back to you. Give this article a read if you want to know more about how this malware works and what to do if your computer is infected with it. -Tom

Mar 18, 2016 – 40 min

The Shared Security Podcast Episode 51 – Online Behavioral Advertising in Canada, Toy Security, Dangerous Apps for Teens

This is the 51st episode of the Shared Security Podcast sponsored by Security Perspectives – Your Source for Tailored Security Awareness Training and Assessment Solutions. This episode was hosted by Tom Eston and Scott Wright with special interview guest Andrew Patrick from the Office of the Privacy Commissioner (OPC) of Canada. This episode was recorded February 10, 2016. Below are the show notes, commentary, links to articles and news mentioned in the podcast:

Online Behavioral Advertising – An interview with Andrew Patrick from the Office of the Privacy Commissioner (OPC) of Canada
Today, Scott had a great discussion with Andrew Patrick regarding OBA, or what some listeners might know as “Tracking Ads”. We discussed why the OPC has an interest in OBA, and how it relates to Canadian privacy legislation. We also looked at one of the recent cases of OBA that the OPC was involved in, where a person complained that sensitive health information from searches and web surfing over time was being used to present ads for products to them across many different websites, many of which were not related in any way to the ads being served. Here are some interesting and related articles from the OPC regarding OBA that are worth reading:

A policy position on OBA and the situations when opt-out consent may be appropriate.
A report of an investigation the OPC did into Google’s OBA practices related to a health-related device.
A recent follow-up research report where the OPC surveyed OBA practices across a number of leading Canadian websites.

Thanks to Andrew Patrick and the Privacy Commissioner for making their time and resources available to us on the Shared Security Podcast. It is really encouraging to see the Canadian Government taking such an active role in helping citizens protect their privacy and personal information.

Security Issues with Connected Toys
New technology also comes with great responsibility…even more so if it concerns children. More “smart” toys are being found with security vulnerabilities that could lead to personal information about children being exposed. In this case the app used with the Fisher Price “Smart Bear” had security vulnerabilities that, if exploited, could steal a child’s name, birthdate and gender, along with other data. Fortunately, Fisher Price quickly fixed the issue. -Tom

15 Dangerous Apps Every Parent Should Know About
If you’re a parent with teens you should definitely check out this document of the 15 most “dangerous” mobile apps your teens may be using. I don’t think dangerous is the right word, as some of these apps have legitimate purposes. However, we all know kids will use apps like these for things like sexting and other activity that parents need to be monitoring for. Give this document a read…you might not be aware of some of these apps, and as a parent it’s good to be as educated as possible about them. Also, this document touched a little on this, but there are lots of apps that look legitimate but in fact will “hide” photos and videos inside of them. The most popular with teens seem to be “Calculator +” applications (like this one in the iTunes store). The lesson here is to check out all the apps your teen has on their mobile device and investigate their usage. -Tom

Facebook-prowling predator arrested after mother helps police
This is a good article about how a parent did some investigating of their child’s friends list on Facebook and found a convicted sex offender. There are also some rules for parents (and teens) in the article that are good to review. We talk about these same “social media” rules in many of our podcast episodes. -Tom

Connected devices quietly mine our data, privacy experts say (Scott was featured in this article)
The real message here is that you should realize that we are far from over-reacting to these kinds of risks, and in the big picture, we all need to watch the trends to understand the risks. -Scott

Feb 19, 2016 – 45 min

The Shared Security Podcast Episode 50 – Facebook Quizzes, Pre-Crime, Wireless Home Security Systems

This is the 50th episode of the Shared Security Podcast sponsored by Security Perspectives – Your Source for Tailored Security Awareness Training and Assessment Solutions. This episode was hosted by Tom Eston and Scott Wright with special guest Alex Hamerstone from TrustedSec recorded January 21, 2016. Below are the show notes, commentary, links to articles and news mentioned in the podcast: 2016 Reality: Lazy Authentication Still the Norm This is a great story from Brian Krebs own personal experience regarding how his PayPal account was “hacked”. It was not “hacked” in the way you would normally thing via stolen credentials or password guessing. His credentials were reset over the phone via some easy social engineering techniques and information that was easily accessible through some Internet reconnaissance. Brian even had a PayPal two-factor authentication token for extra security. It goes to show you that organizations like PayPal need to look at all the different attack vectors that someone would use to gain access to accounts and protect their customers appropriately. -Tom Stop doing quizzes on Facebook if you place any value on your privacy It’s been awhile since we’ve talked about those Facebook quizzes and surveys that you see many of your friends sharing with you on Facebook. While these may seem fun and harmless on the surface often these “apps” will collect your email address, list of friends and other personal information from your Facebook account. All of this is done within their legal terms of service of course! This is not a Facebook specific issue either. The problem lies with the third-party developer who will receive your personal information and what they do with it. This article is a great reminder of what information can be harvested when you take quizzes and surveys like this on Facebook. 
-Tom Pre-crime arrives in the UK: Better make sure your face stays off the crowdsourced watch list I love the movie “Minority Report” because it’s a look into the (rather scary) future of facial recognition and this notion of “pre-crime” identification. In the present we’re already seeing some of the technology mentioned in the movie come to reality and this article takes this concept a step further by delving into “pre-crime” and determining if someone is about to commit a crime if their face has been identified in several so called “watch lists”. This is potentially dangerous to innocent people if you tend to look like someone else or if you find yourself in the “wrong time at the wrong place” kind of situation. It will be interesting to see how this technology and government policies around facial recognition evolve to prevent the innocent from being falsely accused of “crimes” they may never commit. -Tom The super creepy side of the Internet of Things and smart homes This is a revisit of some topics we’ve covered in previous episodes. I was fascinated with a statistic from the article that stated: “a Microsoft survey found that 99.6% of people would gladly accept cash in exchange for having their activities tracked, what happens to those who give it up unwillingly because of security vulnerabilities in their smart home appliances?” This is a great question and makes me wonder if many companies that are developing IoT devices (especially ones focused on the consumer ‘smart home’ market) will even start to take vulnerabilities in these devices seriously. -Tom Xfinity’s Security System Flaws Open Homes to Thieves Self-installed wireless home security systems like the Xfinity system are all the rage right now with consumers. These wireless alarm systems are now very affordable and reliable that can help deter and prevent theft. However, how secure are these systems given that this technology rather new and are now part of the “Internet of Things”? 
If you own one of these alarm systems this is a great article to make yourself aware of some vulnerabilities these systems have. Sparing you the technical details, essentially this specific wireless security system can be jammed using a device purchased off of eBay or put together on your own for about $130 in easily obtained parts. The casual thief probably won’t go to this level to break into most homes; however, most people that buy these systems post signs outside of their homes advertising the exact security system they have, which also gives away its known vulnerabilities. This is a great example of vendors getting involved to either limit the jamming issue or mitigate the risk by implementing a better alerting system to identify when the alarm system is being jammed. -Tom Please send any show feedback to feedback [aT] sharedsecurity.net or comment below. You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next e

Jan 23, 2016 (47 min)

The Shared Security Podcast Episode 49 – Google Search Privacy, Smart TV Attacks, Internet Router Risks

This is the 49th episode of the Shared Security Podcast sponsored by Security Perspectives – Your Source for Tailored Security Awareness Training and Assessment Solutions. This episode was hosted by Tom Eston and Scott Wright recorded December 16, 2015. Below are the show notes, commentary, links to articles and news mentioned in the podcast: People’s Deepest, Darkest Google Searches Are Being Used Against Them You should really always be thinking about how your search queries could end up putting you on a “sucker list”. There seem to be two levels of exploiting your search queries: Direct categorization by the search engine, which leads to more targeted advertising – We may not think about how the entities that have access to our search queries might use them against us (or for us, in their interpretation – “all the better to serve you relevant content, my dear”). In fact, Mikko Hypponen says in his TED Talk from October, 2013, “We are brutally honest with search engines. You show me your search engine history, and I will find something incriminating or embarrassing in 5 minutes.” So, I’d like you to ask yourself, “Do you really want to trust the guys – whose livelihood is derived from selling information about you – to know exactly what your most burning questions are?” Luring to pages that collect information – These pages try to get you to “self-screen”, using the byproducts of failed searches and application forms (called remnants), which have value to some bottom-feeders. There’s a big profit in just trying to categorize people, especially if they can identify people who are better than average candidates for any type of businesses they can sell the lists to. There can also be a lot of bait and switch tactics to get around Google’s predator defences. This is one of the reasons that “data never dies”. As soon as it’s captured, the data is copied and correlated with other data that makes it more valuable. 
It will quickly end up in a place where you can’t delete it. – Scott Man-in-the-middle attack on Vizio TVs coughs up owners’ viewing habits Product vendors need to stop assuming that nobody cares about the data they collect and/or send over the Internet. It used to be that the Internet was mostly insecure because not much was encrypted. Now, with Google, Facebook, Twitter and many of the most popular sites using the TLS standard for encrypting all data to and from their sites (even if it’s not a form with sensitive data), there’s an expectation that if your product doesn’t secure its communications, it can be the weakest link for customer privacy. So, all data has to be encrypted properly, which means using standard protocols for authenticating end points and encrypting messages. Not using proper data security within new products is inexcusable. The reason I say “standard protocols” is that very often, vendors think they are being clever by inventing their own way of hiding or securing data. This rarely works, especially these days, when virtually every new product is being analyzed by researchers or bad guys to find vulnerabilities. There’s plenty of free software available that can do security properly (e.g. http://libsodium.org ), so why would you try to invent your own, which is going to cost a lot of money, and more than likely will be bypassed at some point. This is all aside from the fact that many product manufacturers seem intent on violating customers’ privacy to gain added “Lifetime Value” from them. – Scott BadBIOS is back – this time on your TV Just like in the days when laptops started to come with built-in webcams, and we recommended covering the camera with some tape, sounds like it’s time to recommend explicitly disabling microphones on all devices. This is probably easier said than done, though… – Scott Your Internet router is a security risk It’s time to dust off that router that never gets touched (or updated). 
There are many different types of vulnerabilities in those home Internet wifi routers that go beyond not changing those default credentials. It’s worth two minutes to login to your router and to check for any updates that may have been released since you purchased it. – Tom The Healthcare Internet of Things: Becoming a Reality IoT goes beyond FitBits and health tracking apps. Soon we will start to see much more “invasive” use of this technology including thermostats that automatically adjust based on your body temperature and lights that auto-adjust based on your mood and time of day. If anything, something to be aware of especially when it comes to your personal information being used by these devices. – Tom Facebook M — The Anti-Turing Test While Facebook M is still in beta…it’s interesting to see where AI is going and how we may rely more on AI in the future. I like to mention Facebook M because it’s taking A
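The Vizio item in this episode makes the point that a vendor’s “clever” home-grown way of hiding data rarely survives contact with a researcher. The following is an added example (not code from the podcast or from any TV vendor) of the classic reason why: a telemetry report protected with a short repeating-key XOR falls to a known-plaintext attack the moment one report prefix is predictable. The report format, the 16-byte key and the XOR scheme are all constructed for illustration and describe no real product’s protocol.

```python
"""Added example: known-plaintext recovery of a home-grown 'encryption' scheme.

Constructed for illustration only. The report format, the key and the
repeating-key XOR scheme are assumptions, not any real product's protocol.
"""
import json
from itertools import cycle

# Assumed: a fixed prefix every device sends, learnable from documentation,
# from one decrypted sample, or simply by guessing the JSON field names.
KNOWN_PREFIX = b'{"model":"TV-55","fw":"1.2.3","event":"view",'
VENDOR_KEY = b"VzSecretKey2015!"  # constructed 16-byte key baked into the firmware


def xor_with_key(data: bytes, key: bytes) -> bytes:
    """The vendor's 'clever' scheme: XOR every byte with a short repeating key."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def vendor_encrypt_report(report: dict) -> bytes:
    """What the (constructed) device would send upstream: compact JSON, XORed."""
    return xor_with_key(json.dumps(report, separators=(",", ":")).encode(), VENDOR_KEY)


def recover_keystream(ciphertext: bytes, known_plaintext: bytes) -> bytes:
    """Known-plaintext attack: C xor P hands back the keystream bytes directly."""
    return bytes(c ^ p for c, p in zip(ciphertext, known_plaintext))


def smallest_period(stream: bytes) -> int:
    """Find the key length: the smallest shift under which the recovered
    keystream lines up with itself. Needs more known bytes than the key length."""
    for period in range(1, len(stream)):
        if all(stream[i] == stream[i + period] for i in range(len(stream) - period)):
            return period
    return len(stream)


def recover_key(ciphertext: bytes, known_plaintext: bytes) -> bytes:
    """Combine the two steps: recover the keystream, then cut it at its period."""
    stream = recover_keystream(ciphertext, known_plaintext)
    return stream[: smallest_period(stream)]


def decrypt_with_recovered_key(ciphertext: bytes, key: bytes) -> dict:
    """XOR is its own inverse, so the recovered key decrypts every other report."""
    return json.loads(xor_with_key(ciphertext, key).decode())


def attack_demo() -> dict:
    """Capture two reports (say, via a man-in-the-middle on the home network),
    use the predictable prefix of the first to recover the key, then read the
    second. Both reports are constructed sample data."""
    first = vendor_encrypt_report({"model": "TV-55", "fw": "1.2.3", "event": "view",
                                   "channel": "News 24", "minutes": 37})
    second = vendor_encrypt_report({"model": "TV-55", "fw": "1.2.3", "event": "view",
                                    "channel": "Late Movie", "minutes": 112})
    key = recover_key(first, KNOWN_PREFIX)
    return {"recovered_key": key,
            "second_report": decrypt_with_recovered_key(second, key)}


if __name__ == "__main__":
    print(attack_demo())
```

The lesson is not to pick a longer key or a fancier mixing step; any scheme the vendor invents gets the same treatment once a researcher has the firmware. The fix is the one the show notes name: a standard, reviewed protocol (TLS with proper certificate validation, or a vetted library such as libsodium) for both authenticating the endpoint and encrypting the messages.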

Dec 17, 2015 (38 min)

The Shared Security Podcast Episode 48 – Password Manager Compromise, Fingerprint Insecurity, Quitting Social Media

This is the 48th episode of the Shared Security Podcast sponsored by Security Perspectives – Your Source for Tailored Security Awareness Training and Assessment Solutions. This episode was hosted by Tom Eston and Scott Wright recorded November 23, 2015. Below are the show notes, commentary, links to articles and news mentioned in the podcast: Hacking tool swipes encrypted credentials from password manager This article, and the associated incident, is an excellent reminder that there is no easy solution to securing EVERYTHING. Using an infected computer presents so many catastrophic scenarios, it’s not really wise to view this problem as a problem with password managers. If a computer is infected with malware, the attacker can capture passwords as you enter them into any site. You could add a 2-factor authentication mechanism (like Google Authenticator), or force a user to enter a master password to access anything in a password manager’s database, but you then still have the problem of malware capturing what you enter into a site’s password field (even without a password manager), and the 2-factor MAN-IN-THE-MIDDLE attack we talked about in the last episode of the Shared Security Podcast. This is one of many reasons I often emphasize the need to try to avoid malware risks by having good surfing habits, like: – Not visiting questionable sites – Not clicking on links or attachments in emails you weren’t expecting, or that look suspicious – If you must do the above, do it on a different computer or a Virtual Machine environment, where an infection will probably not compromise your existing data I still use a password manager, because it helps defend against many more risks than it is vulnerable to. – Scott Your Unhashable Fingerprints Secure Nothing Wow! I’ve actually had my concerns about any biometric authentication schemes (like fingerprints, iris scanners, facial recognition, etc.) since watching the movie MINORITY REPORT. 
Now, I’m CERTAIN they are not the way to go. This is an amazingly well-written story that explains in elegant detail why fingerprints (and, I suspect, most biometric authentication factors) are actually a dangerous way of authenticating people. If you’re not technically inclined, it could be a difficult article to read, but here are my important take-aways: 1) THEY AREN’T REALLY SECRET – Your fingerprints are probably not as secret as any of your well-chosen passwords, because they can be either photographed from a fair distance with a high resolution camera, or lifted using standard forensic techniques from almost anything you’ve touched (e.g. a mug, a door knob, a keyboard, a steering wheel, a water tap, a seat back, etc.); 2) THEY ARE EASY TO REPRODUCE AND USE TO IMPERSONATE YOU – Fingerprints, once known (by lifting or by high resolution photos), can be easily reproduced pretty quickly, and without much effort, on a LATEX SKIN, and used at will; 3) THEY CAN’T BE REVOKED OR CHANGED – If your fingerprint is lifted from something and used to compromise your identity, there is literally no way to revoke – or reset – your fingerprint authenticator. So, it should never be used again, just like when you are asked to change your password after a data breach; 4) THEY AREN’T USUALLY SECURED WELL (or HASHED) – For fingerprint authentication to work properly, an authentication system has to verify that an impression of your print at the time of an authentication request is a CLOSE MATCH to one you gave at the time you registered to the system. To do this, it has to be easy for the system to retrieve your exact original print(s), so they can be compared and scored for SIMILARITY. This requirement means that the database must be MUCH MORE VULNERABLE to brute force attack than a good password hash database. In a well-constructed password hashing scheme, if an attacker manages to guess a correct password (very unlikely), they must start over to get any others. 
For a fingerprint (or most biometric) databases, it’s likely that the entire database is encrypted in a way that makes it easy to retrieve ALL of the prints. If these points don’t make sense to you, then I’m afraid you’re going to have to read the article – which you really should do anyway – before you use something like Touch-ID on an iPhone. – Scott CCTV Botnet In Our Own Back Yard With the convergence of physical security devices (like CCTV cameras) and networking technologies there was always a risk that something like this could happen. Again, this goes back to the device manufacturer and ensuring that IoT devices such as CCTV cameras are built with security in mind from the beginning. It also means that when people and organizations buy CCTV cameras they need to harden and secure them before deployment. Default credentials are the number one attack vector we se
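Point 4 of the fingerprint item above (templates can’t be hashed the way passwords are, so the store has to be able to hand back every template) is worth seeing in code. The following is an added example, not code from the podcast or from the article it discusses. The “template” is a constructed 256-bit vector standing in for a sensor’s feature data, the 90% match threshold and the simulated sensor noise are illustrative assumptions, and nothing here describes any real biometric product.

```python
"""Added example: why a biometric template cannot be protected like a password.

The template, noise model and match threshold are constructed assumptions
for illustration; no real sensor or matcher is described here.
"""
import hashlib
import hmac
import os
import random

PBKDF2_ROUNDS = 200_000   # password work factor (illustrative; tune to hardware)
MATCH_THRESHOLD = 0.90    # assumed: fraction of template bits that must agree

# Constructed enrolled template for one user (256 bits).
ENROLLED_TEMPLATE = hashlib.sha256(b"constructed enrolment sample").digest()


# --- Passwords: the server keeps only a per-user salt and a one-way hash ----
def hash_password(password: str, salt: bytes = None) -> tuple:
    """Nothing stored reveals the password, and a correct guess for one user
    says nothing about any other user's hash."""
    salt = salt if salt is not None else os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Exact comparison of one-way hashes; the stored value is never 'decrypted'."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, digest)


# --- Biometrics: two readings of the same finger are never bit-identical ----
def noisy_reading(template: bytes, flipped_bits: int, seed: int = 1) -> bytes:
    """Simulate sensor noise by flipping a few distinct template bits
    (seeded so the example is reproducible)."""
    rng = random.Random(seed)
    out = bytearray(template)
    for pos in rng.sample(range(len(template) * 8), flipped_bits):
        out[pos // 8] ^= 1 << (pos % 8)
    return bytes(out)


def similarity(a: bytes, b: bytes) -> float:
    """Fraction of bits that agree (1 minus the normalised Hamming distance)."""
    if len(a) != len(b):
        raise ValueError("templates must be the same length")
    agreeing = sum(8 - bin(x ^ y).count("1") for x, y in zip(a, b))
    return agreeing / (8 * len(a))


def verify_fingerprint(reading: bytes, stored_template: bytes) -> bool:
    """Matching needs the enrolled template itself, in the clear, to score
    against. That is the crux: the store must be able to return every
    template, so whoever obtains the store (or its single decryption key)
    gets all of them at once, not one guess at a time."""
    return similarity(reading, stored_template) >= MATCH_THRESHOLD


def hashed_biometric_would_fail(reading: bytes, stored_template: bytes) -> bool:
    """Hashing the template the way we hash passwords does not work: a few
    flipped bits in the reading change the digest completely, so a genuine
    user is rejected."""
    return hashlib.sha256(reading).digest() != hashlib.sha256(stored_template).digest()


def demo() -> dict:
    """Run both sides on constructed data and collect the outcomes."""
    salt, digest = hash_password("correct horse battery staple")
    same_finger = noisy_reading(ENROLLED_TEMPLATE, flipped_bits=10)
    other_finger = hashlib.sha256(b"constructed sample from someone else").digest()
    return {
        "password_ok": verify_password("correct horse battery staple", salt, digest),
        "password_wrong": verify_password("correct horse battery stapler", salt, digest),
        "same_finger_similarity": similarity(ENROLLED_TEMPLATE, same_finger),
        "same_finger_accepted": verify_fingerprint(same_finger, ENROLLED_TEMPLATE),
        "other_finger_rejected": not verify_fingerprint(other_finger, ENROLLED_TEMPLATE),
        "hash_compare_breaks": hashed_biometric_would_fail(same_finger, ENROLLED_TEMPLATE),
    }


if __name__ == "__main__":
    print(demo())
```

The password side stays secure even when the table leaks, because each guess must be hashed against one user’s salt and compared exactly. The biometric side cannot do that: `similarity` needs both vectors in full, so the only protection available is encrypting templates at rest with a key the matcher holds, which is the “easy to retrieve ALL of the prints” situation described above. This is also why a leaked template cannot be rotated the way a leaked password can.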

Nov 24, 2015 (38 min)

The Shared Security Podcast Episode 47 – Celebrity Impersonations, Social Media and Kids, EU Safe Harbor

This is the 47th episode of the Shared Security Podcast (formerly the Social Media Security Podcast) sponsored by Security Perspectives – Your Source for Tailored Security Awareness Training and Assessment Solutions. This episode was hosted by Tom Eston and Scott Wright recorded October 28, 2015. Below are the show notes, commentary, links to articles and news mentioned in the podcast: Do you know which of these stars have the most celebrity impersonations? I did a quick check of which celebrity had the most impersonators on each social networking site: Facebook – Bradley Cooper Twitter – Angelina Jolie and Channing Tatum Google Plus – Angelina Jolie and Jared Leto Instagram – Jennifer Lawrence and Angelina Jolie Youtube – Jennifer Lawrence LinkedIn – Brad Pitt I also noted that there were fewer than 30 impersonators in total, for all the celebrities in the picture, on LinkedIn. What does this mean? It might mean scammers are less excited about using LinkedIn, but it could also mean that businesses don’t use LinkedIn so much for communicating with their followers. I think there’s just as much scamming going on by attackers who impersonate businesses in the more popular social networking applications. What I also think is interesting is how ZeroFox uses advanced tools to categorize the potential attackers and prioritize the risk from each impersonator, which involves separating the parodies from the real scammers. – Scott Our kids need to talk about it This is a really important and eye-opening article. It digs a little deeper into the frequent negative impacts that social media have on children and families. It strikes me that both parents and teachers – those who see kids most often every day – really should receive some guidance for dealing with these issues, both in a preventative sense, and in a responsive attitude. You’re never going to be able to completely protect your kids from some of these effects. 
So, you will have to be able to recognize the signs, and try to act to limit the potential damage. Knowledge of child psychology might help. But it’s also just letting your kids know that you’re trying to understand the pressures they are feeling, so you can help them through. I think discussing stories of incidents that may have happened to others (either in the news, or in your community) makes it easier for them to relate, and discuss their views. As a parent of 3 kids, I think you also have to resist the urge to judge your child’s actions or feelings. They really can’t help the way they feel, and they are still immature, so they’re going to make mistakes. What you can do is help them have a healthy attitude and recognize the merits and impacts of the actions they might want to take. As the article hints at the end, you need to understand the environment your kids are in. So, as much as you may hate the idea of having a Facebook account, setting one up and using it (not to spy on your kids, but to experience what’s going on in today’s culture) can make it easier to see things from their point of view. It is a conflicting situation for parents, though, to rationalize whether you are really spying on your kids, simply intruding on their privacy, or looking out for their best interests. – Scott Europe’s highest court strikes down Safe Harbor data sharing between EU, US This is huge news as this ruling will likely force Facebook, Twitter, Google to keep EU data in the EU. It is important that privacy laws be respected and enforced. And in this case, the CJEU seems to be doing a good job of overseeing the Safe Harbor agreement. This agreement basically says that, if the personal data of EU citizens is transferred to a country outside the EU, it must be protected to a certain standard. However, the case has brought to light that the standard for safe harbour does not really go as far as it needs to in order to properly protect the privacy rights of EU citizens. 
So, the conclusion is that companies like Facebook should not be allowed to move EU citizens’ data overseas, since privacy will not be upheld. One instance they give, as an example of how the agreement is too weak, is the potential access rights that the US government has to all data held within the USA. But this is an argument that can be extended to the UK itself, given what is now publicly known about the UK government’s surveillance activities. In this sense, the EU citizens’ data may be no better protected inside the EU than outside. So, it will take a long time to sort all the implications out. But, as the article states, it is likely that companies will start to segregate data geographically. I’m not sure how this will affect, for example, Facebook users, or even advertisers. So, as always, don’t post sensitive information on social media sites if you are concerned about this. But you might also have to start wondering about the safety of cloud-based services such as Microsoft Office 365. What protection does your business

Oct 30, 2015 (39 min)

The Shared Security Podcast Episode 46 – Peeple App, Medical Devices Exposed, Instagram for Doctors

This is the 46th episode of the Shared Security Podcast (formerly the Social Media Security Podcast) sponsored by Security Perspectives – Your Source for Tailored Security Awareness Training and Assessment Solutions. This episode was hosted by Tom Eston and Scott Wright recorded October 7, 2015. Below are the show notes, commentary, links to articles and news mentioned in the podcast: Scott gives an overview of the BSides Ottawa Security Conference If you’re in the Information Security industry I highly recommend you attend a local BSides conference. Always great content and networking opportunities! -Tom Everyone you know will be able to rate you on the terrifying ‘Yelp for people’ — whether you want them to or not Yelp for people? What could possibly go wrong? What are the ramifications when we start “rating” everyone we know or encounter? In a recent twist everything available about the Peeple app has been removed (social media, website, etc) by the founders most likely because of the firestorm of news media and privacy concerns. While the Peeple app looks like it may not happen...I’m sure there are other similar apps that will pop up and try something similar in the near future. -Tom The Power of Privacy Video Series by The Guardian The first episode takes a very thought provoking look at the digital shadows you leave and how someone can find personal and private information about you on the Internet…highly recommended! Episode 2 was recently released and talks about how easy it is to get hacked through phishing and common social engineering techniques. – Tom Anatomy of an enterprise social cyber attack This is some interesting ZeroFOX research on customer scams, specifically one called “hashtag hijacking”. I’ve heard of several cases in the news about this type of attack using social engineering and social media as attack vectors. Check out this great infographic to learn more. 
-Tom Thousands of ‘directly hackable’ hospital devices exposed online This research was released at the DerbyCon security conference last month. I found it fascinating that now MRI and other critical medical equipment can be found using the search tool Shodan outside of the firewall of some major healthcare providers. Most likely this happens because of poor network segmentation as well as separate Internet connections outside of the healthcare provider. To top that off many of these devices are configured with default credentials and/or weak passwords (some running vulnerable Windows XP and older systems too). The researchers built a honeypot defibrillator machine to prove their points which “attracted a whopping 55,416 successful SSH and web logins and some 299 malware payloads”. Medical devices (pretty much in the same category of IoT) which lack any security are very scary, especially the potential impact to human life if these devices are compromised! -Tom The Social Network Where Doctors Swap Gross Pics of Patients HIPAA nightmare? Apparently doctors, nurses and other healthcare staff have been uploading patient pictures to an app/social network called “Figure 1” (aka: Instagram for doctors). While the founders’ intentions seem good (as in a good way for doctors to get second opinions or to treat patients better) there is definitely cause for privacy concern. The founders apparently have monitoring, oversight and remove any metadata from each picture but as this app’s user base grows it will be harder to oversee this type of information, even with automation built in. In addition, the app founders said that they don’t have a plan yet to make money so time will tell if this even sticks around. -Tom Netflix shows you how to make your own “IoT switch”. Turn on Netflix. Dim the Lights. Kick Back and Relax. 
Netflix continues to innovate with unique ways to watch their programming…even to get you to build your own IoT device (I’m sure it will soon be available for purchase). -Tom Our friendly PSA: Please stop posting those Facebook privacy notices Posting those Facebook “privacy notices” on your status does nothing as you’ve agreed to hand over everything you post to Facebook according to their terms of service. You agreed to this when you created your Facebook account. Don’t like it? Stop using Facebook and delete your account. See Snopes for more information about this hoax. -Tom Please send any show feedback to feedback [aT] sharedsecurity.net or comment below. You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode. Be sure to visit our website, follow us on Twitter and like us on Facebook. Thanks for listening! The post The Shared Security Podcast Episode 46 – Peeple App, Medical Devices Exposed, Instagram for Doctors appeared first on Shared Security Podcast.

Oct 8, 2015 (33 min)

The Shared Security Podcast Episode 45 – Implantable Wearables, Spotify Privacy, Hacking Self-Driving Cars

This is the 45th episode of the Shared Security Podcast (formerly the Social Media Security Podcast) sponsored by the Streetwise Security Zone. This episode was hosted by Tom Eston and Scott Wright recorded September 24, 2015. Below are the show notes, commentary, links to articles and news mentioned in the podcast: How The Internet of Things Could Revolutionize Our Lives, Work The above article does a good job of painting a Utopian future, with your office doors opening and computers logging you in with appropriate privileges “without having to manually tap into 10 different interfaces every day.” You may also enjoy dreaming of entering a restaurant where the menu is customized to your social preference, saving you the hassle of actually having to turn multiple pages. This may be a good thing, or it may just be a sign that we are getting lazy. Did you ever see the Disney movie “Wall-E”, where all the humans looked like the Michelin man, and floated around on hovering chairs? Isn’t it just a little bit sad that we are getting so excited about not having to move any muscles to get our jobs done? Not only does this image of the future seem a little unhealthy, but I just can’t help but think about all the potential vulnerabilities in all the interfaces between these devices and systems that have to work with each other to accomplish these feats. I think this is especially true, in light of the point raised in the article about the lack of standardization between devices that I think will almost always exist. – Scott A Smartwatch Could Reveal What You’re Typing by How Your Hand Moves This is one of those articles that pops up every year or so that describes how somebody has demonstrated a way to capture keystrokes or other personal movements of individuals through vibrations, light rays, electromagnetic variations, etc. 
It’s just a reminder that when we adopt a new form factor or a whole new device, somebody is going to try to find a way to spy on your actions when using it. In most cases, these demonstrations are done in very controlled environments, and can be very hard to reproduce. In other, more successful cases, the researchers probably end up getting bought out or employed by large and powerful organizations, never to be heard from again… ;o) – Scott Top 10 Implantable Wearables Soon To Be In Your Body Is there such a thing as being too close to technology? It will be interesting to see how far people are willing to go to be connected. This article discusses a number of ways in which scientists (or franken-scientists) are experimenting with implanting everything from phones to speakers to video displays in people’s bodies. I think it’s more likely that many of us will accept some of the new medical applications of implantable technologies. Sensors for real-time monitoring of sugar levels, cholesterol and other undesirables could be really valuable. Of course, the swallowable pill for colonoscopies is the one many of my friends are waiting for… There may even be devices you can take as pills that will monitor and dispense therapeutic chemicals that make you feel full, or even contraceptives. It’s also possible that with the right materials and smart functionality, entire organs could be replaced. Maybe this is how we evolve into Cyborgs… My security and privacy concerns around these devices are along the lines of them being hijacked by attackers, which could literally be fatal in some cases. But you also have to worry a little about how those devices could be detected and matched to your identity for tracking purposes. – Scott You Can’t Do Squat About Spotify’s Eerie New Privacy Policy It’s not just Google, LinkedIn and Facebook who want to know everything about you. Spotify is seriously trying to get in on the act. 
Did you know that Spotify’s privacy policy is hoping you might break the law, while their fine print is saying you agree to do the due diligence? Spotify’s privacy policy apparently wants you to implicitly accept how they use information about your phone’s contacts, even when they know it may not be legal for you to share it with Spotify without their permission? They literally expect you to seek every contact’s permission to let Spotify use their contact information for its vague purposes, before you use Spotify on your phone. Unfortunately, as the article points out, it is becoming the norm for businesses to try to monetize the personal information they have about you. – Scott Self-driving cars can be hacked using a laser pointer Before you get in that self-driving car… The next wave in vehicle technology, if you haven’t been paying attention to it, is the self-driving vehicle. Google has been test-driving self-driving vehicles for a number of years now, with some success. I think there are some great benefits to be had from automating vehicles, especially in environmental and safety areas. Think of the gas that can be saved if the optimal acceleration and routin

Sep 25, 2015 (30 min)

The Shared Security Podcast Episode 44 – Facebook Data, Apple Watch, Android, Amazon Dash Buttons

This is the 44th episode of the Shared Security Podcast (formerly the Social Media Security Podcast) sponsored by the Streetwise Security Zone. This episode was hosted by Tom Eston and Scott Wright recorded September 2, 2015. Below are the show notes, links to articles and news mentioned in the podcast: Facebook urged to tighten privacy settings after harvest of user data Make an Apple Watch Door Unlocker Severe weaknesses in Android handsets could leak user fingerprints Big Android makers will now push monthly security updates How I Hacked the Amazon WiFi Button to track Baby Data Oracle security chief to customers: Stop checking our code for vulnerabilities Please send any show feedback to feedback [aT] sharedsecurity.net or comment below. You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode. Be sure to visit our website, follow us on Twitter and like us on Facebook. Thanks for listening! The post The Shared Security Podcast Episode 44 – Facebook Data, Apple Watch, Android, Amazon Dash Buttons appeared first on Shared Security Podcast.

Sep 3, 2015 (32 min)

The Shared Security Podcast Episode 43 – Car Hacking, IoT Risks, Facebook Scams, SmartTV Privacy

This is the 43rd episode of the Shared Security Podcast (formerly the Social Media Security Podcast) sponsored by the Streetwise Security Zone. This episode was hosted by Tom Eston and Scott Wright recorded August 6, 2015. Below are the show notes, links to articles and news mentioned in the podcast: Car hack reveals peril on the road to Internet of Things (IoT) Smart watches and activity monitors usually connect to the cloud, sometimes without good security Really great article from Venture Beat about IoT risks Good research and whitepaper from Veracode about several popular IoT devices being sold and the security risks Scott talks about a recent Facebook scam that he received which was really hard to tell if it was legit or not Tom talks about Vizio SmartTVs and how they know everything that you watch. Make sure you read those privacy policies! Please send any show feedback to feedback [aT] sharedsecurity.net or comment below. You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode. Be sure to visit our website, follow us on Twitter and like us on Facebook. Thanks for listening! The post The Shared Security Podcast Episode 43 – Car Hacking, IoT Risks, Facebook Scams, SmartTV Privacy appeared first on Shared Security Podcast.

Aug 14, 2015 (28 min)

The Shared Security Podcast 42 – Car Theft, Risky Apps, Facebook Security Checkup

Podcast Update: The new website for the Shared Security Podcast will hopefully be live for the next episode! We hope you enjoy the new topics and format! This is the 42nd episode of the Shared Security Podcast sponsored by the Streetwise Security Zone. This episode was hosted by Tom Eston and Scott Wright recorded June 3, 2015. Below are the show notes, links to articles and news mentioned in the podcast: Marauder’s Map plugin for Chrome allows geolocation of messenger communications for friends or people in a message thread Facebook check-up feature being tested which is a new tool that might help users understand and select privacy settings that make sense to them How social networks make it easy for adopted children to find their birth parents, not always with desirable or expected results. The focus is on a young girl who grew up believing her birth mother was like a Disney princess, and understandably wanted to connect with her. This story shows it isn’t always a good decision, and highlights the need for honesty with young adopted children regarding their past. Risky mobile apps that parents need to know about. How new smart key fobs are making it easy for thieves to break into cars with a $17 gadget you can buy online. Some people are starting to put their key fobs in the freezer to shield them from the radio signals used by thieves. Please send any show feedback to feedback [aT] sharedsecurity.net or comment below. You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode. Thanks for listening! The post The Shared Security Podcast 42 – Car Theft, Risky Apps, Facebook Security Checkup appeared first on Shared Security Podcast.

Jul 14, 2015 (31 min)

Social Media Security Podcast 41 – Podcast Updates, Internet of Things, TV Privacy

This is the 41st episode of the Social Media Security Podcast sponsored by the Streetwise Security Zone. This episode was hosted by Tom Eston and Scott Wright and recorded April 29, 2015. Below are the show notes, links to articles and news mentioned in the podcast:

Important Podcast Update! While we haven’t finalized the details, we’re hoping to rename the podcast as “Shared Security”. We have been discussing the fact that the privacy and security topics we’ve been covering are really spreading to more than just social media. Now, we see the important stories as being ones that relate to who and what we trust as connected individuals and businesses. So, we’ve decided that it might be time to rename the podcast to be more inclusive of important security stories beyond just social media, and we’ve decided on a new name for the program… “Shared Security”.

We think Shared Security brings to mind not only social media, but mobile technology, cloud technology, and as I’m sure you’ve heard by now, the Internet of Things (IoT). So our new podcast, Shared Security, will try to bring you timely stories, news and tips for living securely in a connected world. The name also brings to mind the fact that we will increasingly need to share our thoughts on what the risks are and how to deal with them. You can expect the same level of insight and practical guidance, just on a broader scope.

We haven’t yet figured out how we will officially change the program name people see on iTunes or the RSS feed. So for the moment, the feed and official title will be the same…Social Media Security. However, with this episode we’re going to try to cover a broader range of stories, when appropriate. Stay tuned for additional rebranding changes as we roll them out. As always, we’d like to hear your thoughts!

Scott and Tom

- Recent Facebook and Instagram vulnerabilities
- Security for the Internet of Things will get really, really bad before it gets good
- Samsung TVs are listening to you
- Trend Micro and Ponemon released a study on personal information, privacy and the connected world. In this report, they mention that Gartner predicts 25 billion connected devices by 2020 (I think that’s a low estimate). The report breaks down the value of certain types of personal information to attackers, like your health condition (for an American it’s $82.90 per record)
- Discussion about The 2015 Verizon Data Breach Incident Report
- Commentary on the risks from Internet of Things

Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below. You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode. Don’t forget to subscribe to the podcast in iTunes, follow us on Twitter and like us on Facebook. Thanks for listening!

May 15, 2015 (42 min)

Social Media Security Podcast 40 – ThreatExchange, Echosec, Facebook Scams

This is the 40th episode of the Social Media Security Podcast sponsored by the Streetwise Security Zone. This episode was hosted by Tom Eston and Scott Wright and recorded February 25, 2015. Below are the show notes, links to articles and news mentioned in the podcast:

- Facebook’s new ThreatExchange
- Fitbit data used in a court case
- Echosec is a web application that lets you search a geographical locale for posts on Twitter, Instagram and Flickr
- Some new Facebook security tips and tricks
- A very special interview with somebody who experienced a scam attempt on Facebook. Great advice on how to defend against these types of scams!

Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below. You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode. Don’t forget to subscribe to the podcast in iTunes, follow us on Twitter and like us on Facebook. Thanks for listening!

Mar 16, 2015 (33 min)

Social Media Security Podcast 39 – Snapcash, Yik Yak, LinkedIn Security and Privacy Tips

This is the 39th episode of the Social Media Security Podcast sponsored by SecureState and the Streetwise Security Zone. This episode was hosted by Tom Eston and Scott Wright and recorded December 12, 2014. Below are the show notes, links to articles and news mentioned in the podcast:

- “Snapcash” has been announced by the creators of Snapchat. Can Snapchat gain enough consumer confidence to break into the payments field?
- Yik Yak is a social app for browsing anonymous chats in your locale, and it’s gaining popularity with teens and causing some problems for schools. Yik Yak is also not as private or anonymous as you think, as a new security vulnerability was just disclosed!
- How to opt out of Twitter’s new app tracking feature
- Facebook’s updated Privacy Policy? Not much new, but policies have been reworded to be somewhat less onerous to read
- Facebook At Work – Will it work?
- Scott and Tom share our opinions on the big Sony Pictures security breach
- Scott shares some best practices on how to secure your LinkedIn account. Tom shares some good tips to make your LinkedIn account more private. Here are a few of the tips we discussed:
  1) Turn on HTTPS for all sessions:
     – Check the “Secure Connections” box in the security settings page
  2) Turn on Two-Step Verification
     – The security settings page will tell you whether or not two-step verification is already set up
     – You can turn it on, and provide a mobile phone where SMS messages will be sent
  Both are accessible by doing the following while logged in to your LinkedIn account on the Web:
  a) Hover the mouse cursor over your profile picture
  b) Click on the Account tab in the bottom left of the page
  c) Click on “Manage Security Settings”

Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below. You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode. Don’t forget to subscribe to the podcast in iTunes, follow us on Twitter and like us on Facebook. Thanks for listening!

Dec 12, 2014 (33 min)

Social Media Security Podcast 38 – Corporate Policy, Whisper Privacy Flaws, Snapchat Hack

This is the 38th episode of the Social Media Security Podcast sponsored by SecureState and the Streetwise Security Zone. This episode was hosted by Tom Eston and Scott Wright and recorded October 21, 2014. Below are the show notes, links to articles and news mentioned in the podcast:

- An enterprise level story about how hard it is to block specific sites, and what can be done about it
- Twitter’s former security head condemns Whisper’s privacy flaws
- Twitter sues the US Government over national security data
- Twitter quickly withholds tweets for Turkey’s ‘national security’
- Twitter ‘news’ spreads faster than Ebola
- Snapchat third party service hacked
- Facebook Fake Likes Exposed

Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below. You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode. Don’t forget to subscribe to the podcast in iTunes, follow us on Twitter and like us on Facebook. Thanks for listening!

Nov 5, 2014 (31 min)

Social Media Security Podcast 37 – Special Guest Kevin Johnson (@Secureideas), Managing Your Digital Footprint

This is the 37th episode of the Social Media Security Podcast sponsored by SecureState and the Streetwise Security Zone. This episode was hosted by Tom Eston, Scott Wright and special guest Kevin Johnson and recorded September 19th 2014. Below are the show notes, links to articles and news mentioned in the podcast:

- Special Topic! Managing Your Digital Footprint (thanks to Chris John Riley for the idea!)
  - Personal objectives for using social media
  - Types of footprints you might have (likes, comments, photos, tags, etc.)
  - Ways you can be exposed, and how to find them (Google search, Facebook search, LinkedIn search, etc.)
  - Ways to manage exposure going forward
  - This site has a good, short set of tips to review: http://krishnade.com/digital-footprint/
- LinkedIn address book guessing… http://omnifeed.com/article/www.komonews.com/news/local/LinkedIn-flaw-helps-hackers-discover-email-addresses-275537041.html
- The LinkedIn LION – Are You Exposing Yourself to the Hyenas? https://www.linkedin.com/today/post/article/20140812143638-171396975-the-linkedin-lion-are-you-exposing-yourself-to-the-hyenas

Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below. You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode. Don’t forget to subscribe to the podcast in iTunes, follow us on Twitter and like us on Facebook. Thanks for listening!

Oct 2, 2014 (59 min)

Social Media Security Podcast 36 – Your Cats Metadata, Facebook Messenger, User Risk Awareness

This is the 36th episode of the Social Media Security Podcast sponsored by SecureState and the Streetwise Security Zone. This episode was hosted by Tom Eston and Scott Wright and recorded August 20th 2014. Below are the show notes, links to articles and news mentioned in the podcast:

- HTML5 Canvas Fingerprint — Widely Used Unstoppable Web Tracking Technology
- What the Internet Can See From Your Cat Pictures. Everyone also knows where your cat lives…
- Discussion about Facebook Messenger Privacy. Is it really that big of a deal?
- Misplaced fear about Facebook Messenger for Android
- Ars Technica interviews Facebook CSO Joe Sullivan about improving corporate security
- Another interview with Joe Sullivan by the Washington Post about the post-Snowden effect on Internet companies
- Kaspersky study of Facebook user risk awareness
- Kaspersky app called Friend or Foe, and their top 5 security mistakes Facebook users make

Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below. You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode. Don’t forget to subscribe to the podcast in iTunes, follow us on Twitter and like us on Facebook. Thanks for listening!

Aug 26, 2014 (31 min)

Social Media Security Podcast 35 – Facebook News Feed Psychology, Complex Passwords, Dumb Criminals

This is the 35th episode of the Social Media Security Podcast sponsored by SecureState and the Streetwise Security Zone. This episode was hosted by Tom Eston and Scott Wright and recorded July 17th 2014. Below are the show notes, links to articles and news mentioned in the podcast:

- Facebook altered 689,000 users’ News Feeds for a psychology experiment
- How to Stop Facebook From Using Your Browsing History
- Hacking Facebook’s Legacy API, Part 1: Making Calls on Behalf of Any User
- How to Teach Humans to Remember Really Complex Passwords
- Why I quit Facebook and we are sharing much more than you think
- Burglar logs in to Facebook in victim’s house, forgets to sign off (really?)

Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below. You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode. Don’t forget to subscribe to the podcast in iTunes, follow us on Twitter and like us on Facebook. Thanks for listening!

Jul 24, 2014 (28 min)

Social Media Security Podcast 34 – Facebook Privacy, LinkedIn Scammers, Naughty Employees

This is the 34th episode of the Social Media Security Podcast sponsored by SecureState and the Streetwise Security Zone. This episode was hosted by Tom Eston and Scott Wright and recorded June 18th 2014. Below are the show notes, links to articles and news mentioned in the podcast:

- Facebook Switches Default Setting to Private to Prevent Oversharing
- Facebook Fights Malware With Free Security Software
- Facebook Microphone Update To Store Data: Social Media Giant Confirms New Feature Will Aggregate Information
- Facebook responds to this privacy issue
- How to “Hack” Someone’s “Private” Friends List on Facebook to See All of Their Friends
- 6 tips on how to avoid LinkedIn Scammers
- Some HP Employees Were Busted For This Hilariously Awful Attack Against Competitor, Splunk
- Bruce Schneier posted a link to this article about how ISIS in Iraq is using their free mobile app to mass tweet on behalf of individual users, without triggering spam blocks.
- Tom talked about SecureState’s free phishing awareness tool called “King Phisher”. This tool can be used to conduct your own phishing awareness campaigns. Check out the webinar and download the tool.

Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below. You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode. Don’t forget to subscribe to the podcast in iTunes, follow us on Twitter and like us on Facebook. Thanks for listening!

Jul 1, 2014 (36 min)

Social Media Security Podcast 33 – Heartbleed, Hashtag Fail, Social Impersonation

Guess what? We’re back! This is the 33rd episode of the Social Media Security Podcast sponsored by SecureState. This episode was hosted by Tom Eston and Scott Wright and recorded May 15, 2014. Below are the show notes, links to articles and news mentioned in the podcast:

- Social Media sites affected by Heartbleed
- NYPD Twitter hashtag campaign FAIL
- Facebook Fail pages for brands like ADT alarm service
- New Snowden Docs Highlight “Weaknesses” In Facebook Data Security
- Snapchat security failure
- Facebook class action lawsuit status
- Canada’s Privacy Commissioner rules on Facebook remedies in case of harassment by child imposter
- Interesting view on Android permissions requested by FB apps (and proposed solution)
- People snubbed on Facebook feel less “meaningful existence,” study finds
- Tom’s presentation on Enterprise Open Source Intelligence Gathering (OSINT)

Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below. You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode. Don’t forget to subscribe to the podcast in iTunes, follow us on Twitter and like us on Facebook. Thanks for listening!

May 22, 2014 (44 min)

Social Media Security Podcast 32 – The Privacy Paradox, Twitter Hacks, Facebook Home

This is the 32nd episode of the Social Media Security Podcast sponsored by SecureState. This episode was hosted by Tom Eston and Scott Wright and recorded April 25, 2013. Below are the show notes, links to articles and news mentioned in the podcast:

- A Little Privacy, Please! Your Rights and Social Media Policies. Tom and Scott discuss why you should be reading the privacy policies of the social networks you use.
- AP Twitter account hacked; report of White House bombs false
- Beware Twitter “password check” sites – there are fakes, and there are fake fakes! Is your Twitter password secure?
- What is “Facebook Home” and what are the potential privacy ramifications of using it on your Android device?
- Are you over-sharing? A discussion of the privacy paradox we all face
- Check out SecureState’s latest whitepaper on the new concerns with privacy!

Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below. You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode. You can also subscribe to the podcast in iTunes, follow us on Twitter and like us on Facebook. Thanks for listening!

May 2, 2013 (34 min)

Social Media Security Podcast 31 – New Facebook Graph Search, Fake Internet Girlfriends, Social Media and Your Business

This is the 31st episode of the Social Media Security Podcast sponsored by SecureState. This episode was hosted by Tom Eston and Scott Wright and recorded January 18th, 2013. Below are the show notes, links to articles and news mentioned in the podcast:

- Facebook privacy controls have been updated. Check out this article on all the changes. You can no longer have your profile hidden. All Facebook users are publicly searchable.
- Facebook Graph Search has been released. Tom and Scott talk about what you need to know.
- What’s up with all these fake Internet girlfriends?? (Manti Teo)
- Tom and Scott talk about the current state of Social Media and your business. Download SecureState’s free Social Media Guidelines for businesses. This is a great Social Media Policy template for your business.

Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below. You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode. You can also subscribe to the podcast in iTunes, follow us on Twitter and like us on Facebook. Thanks for listening!

Jan 30, 2013 (21 min)

Social Media Security Podcast 30 – The Password Episode

This is the 30th episode of the Social Media Security Podcast sponsored by SecureState. This episode was hosted by Tom Eston and Scott Wright. In this episode we talk about the password problem and why we continue to choose easy to guess passwords. Tom and Scott also talk about ways to select more secure passwords and how technology can help. Below are the show notes, links to articles and news mentioned in the podcast:

- The Password Episode! It’s episode 30!
- Study shows hackers more focused on passwords than those who create them
- Major password breaches in the last few months: Formspring (420,000), LinkedIn (6 million), eHarmony (1.5 million), Last.fm (2.5 million), Blizzard Battle.net
- Brute force attacks on passwords are the #1 way we break into companies during pentests!
- Want to see the poor passwords people choose? SkullSecurity has very good lists from previous breaches.
- Looking for more information? Tom wrote a white paper on how easy it is to profile user passwords on social networks.
- The password problem. Users continue to make poor password choices. Why?
  - Too many to remember? It’s easier to use the same password for each site
  - Also the same user id and email
  - Failures in user awareness?
  - Users are not provided the technology to help
  - Social networks and other sites make it easy to choose weak passwords; little adoption of two factor authentication because users will complain
  - Mobile apps are not designed to constantly enter passwords. This is why you “stay logged in”.
- Worst case scenario? Mat Honan’s “Epic” Hacking
- What is the solution? It’s tough but we need to stop blaming the companies that hold our data…take personal responsibility and educate yourself! It’s also complex to figure out a solution.
- Technology can help: KeePass, 1Password, LastPass, Google Two-Step Verification (application specific passwords), Facebook Two Factor

Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below. You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode. You can also subscribe to the podcast in iTunes and follow us on Twitter. Thanks for listening!

Sep 25, 2012 (41 min)

Social Media Security Podcast 29 – Fake Bieber, Facebook Social Engineering Tool, MySpace Who?

This is the 29th episode of the Social Media Security Podcast. This episode was hosted by Tom Eston and Scott Wright. Below are the show notes, links to articles and news mentioned in the podcast:

- MySpace charged for violating user privacy, vows to do better
- How a fake Justin Bieber “sextorted” hundreds of girls through Facebook
- FBPwn: A cross-platform Facebook social engineering tool
- Tom and Scott’s take on the Facebook IPO
- LinkedIn CSRF (Cross-site Request Forgery) controls attacked
- Scott gives us an update on his mobile honeystick project

We are still planning on getting back to regular podcasts! Stay tuned. Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below. You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode. You can also subscribe to the podcast in iTunes and follow us on Twitter. Thanks for listening!

Aug 21, 2012 (38 min)

Social Media Security Podcast 28 – Facebook Timeline, US Privacy Questions, Twitter Acquisitions

This is the 28th episode of the Social Media Security Podcast, recorded back a few months ago. Content is still relevant! This episode was hosted by Tom Eston and Scott Wright. Below are the show notes, links to articles and news mentioned in the podcast:

- Facebook starts rolling out Timeline to everyone (what you need to know about the timeline privacy)
- Twitter Acquires Web Security Firm Dasient
- Trojan steals e-cash vouchers from Facebook users
- Facebook ducks U.S. privacy question
- LinkedIn Friend Finder…what you need to know!

Don’t worry! We are still planning on getting back to regular podcasts. Stay tuned. Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below. You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode. You can also subscribe to the podcast in iTunes and follow us on Twitter. Thanks for listening!

Apr 19, 2012 (27 min)

Social Media Security Podcast 27 – Facebook Friend Unlock, The Anti-Facebook, Facebook Games

This is the 27th episode of the Social Media Security Podcast recorded November 11, 2011. This episode was hosted by Tom Eston and Scott Wright. Below are the show notes, links to articles and news mentioned in the podcast:

- Locked Out Of Facebook? Your Friends Will Soon Be Able To Help You Get Back In
- Anti-Facebook Social Network “Unthink” Launches To Public
- Most social network users don’t keep up with privacy settings changes
- Facebook video games are stupid, anyway

Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below. You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode. You can also subscribe to the podcast in iTunes and follow us on Twitter. Thanks for listening!

Nov 24, 2011 (23 min)

Social Media Security Podcast 26 – Google +, New Facebook Privacy Controls, FBPwn Tool

This is the 26th episode of the Social Media Security Podcast recorded September 8, 2011. This episode was hosted by Tom Eston and Scott Wright. Below are the show notes, links to articles and news mentioned in the podcast:

- Google + Security and Privacy
- New Facebook Privacy Controls, what’s changed?
- New Tool: FBPwn – A cross-platform Java based Facebook profile dumper

Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below. You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode. You can also subscribe to the podcast in iTunes and follow us on Twitter. Thanks for listening!

Sep 20, 2011 (29 min)

Social Media Security Podcast 25 – Facebook Security Updates, FaceNiff, Social Media Background Checks

This is the 25th episode of the Social Media Security Podcast recorded July 1, 2011. This episode was hosted by Tom Eston and Scott Wright. Below are the show notes, links to articles and news mentioned in the podcast:

- LinkedIn SSL Leaves Accounts Vulnerable to Hijacking
- Facebook adds two-factor authentication, other new security features
- Facebook facial recognition. How it looks, fact and myth, and how we would fix the problems.
- Firesheep for Android Phones (FaceNiff)
- LinkedIn, Foursquare and Netflix on Android Store Your Passwords in Unencrypted Text Files
- Social Media Background Checks

Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below. You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode. You can also subscribe to the podcast in iTunes and follow us on Twitter. Thanks for listening!

Jul 12, 2011 (35 min)

Social Media Security Podcast 24 – Personal Social Media Accounts, Cree.py, ProfileSpy, App Privacy

This is the 24th episode of the Social Media Security Podcast recorded April 6, 2011. This episode was hosted by Tom Eston and Scott Wright with special guest James Ruffer. Below are the show notes, links to articles and news mentioned in the podcast:

- Why Should the CSO Care About an Employee’s Personal Social Media Account?
- Virally spreading scam spreads over Twitter (ProfileSpy)
- Spammers Using Facebook Events to Trick Users
- ‘Cree.py’ Social Engineering Tool Pinpoints A Person’s Physical Location
- US Military plan would create many fake Social Media Identities for use in fighting terrorism
- What the app privacy investigation means to you

Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below. You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode. You can also subscribe to the podcast in iTunes and follow us on Twitter. Thanks for listening!

Apr 15, 2011 (39 min)

Social Media Security Podcast 23 – Recent Changes to Facebook, Enterprise Social Media Tools, Spokeo

This is the 23rd episode of the Social Media Security Podcast recorded February 25th, 2011. This episode was hosted by Tom Eston and Scott Wright. Below are the show notes, links to articles and news mentioned in the podcast:

- New changes to Facebook and security implications
  - Facebook now supports full SSL browsing (optional), social authentication improvements
  - Facebook rolls out new messaging system
  - Facebook now allows iframes within tab applications. Possible security issue with applications!
- API bug responsible for Zuckerberg page hack
- Facebook ‘tag spam’ targets indiscriminate friend collectors
- Dispelling the Myths of Facebook Privacy and Security
- Government Calls for Privacy Protections for Device Location
- Scott’s little initiative to identify and discuss “internal” or “private” social networking tools for enterprises
- Question from a listener: What’s the business model around people search engines like Spokeo.com? How about digital insurance?
- Check out Scott’s new Canadian security podcast: Security, Eh?

Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below. You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode. You can also subscribe to the podcast in iTunes and follow us on Twitter. Thanks for listening!

Mar 2, 2011 (37 min)

Social Media Security Podcast 22 – Skype Email, Taxonomy of Socnet Data, Facebook Graph API

This is the 22nd episode of the Social Media Security Podcast recorded January 21, 2011. This episode was hosted by Tom Eston and Scott Wright. Below are the show notes, links to articles and news mentioned in the podcast:

- Skype credit email as an apology – a new trend we can expect in 2011 from good guys and bad guys. Screen shot mentioned in the podcast.
  Scott’s note: I searched for posts about this email before clicking on it, and it was actually legitimate. However, this would be a very compelling phishing attack for any organization that recently suffered a PR setback. Any time you get an unexpected email, even if it looks like the circumstances make sense, you need to check on its authenticity. And any organization issuing such an email should also post an announcement of the campaign on their home page, and issue a press release to make it easy for people to verify the legitimacy of the email.
- Bruce Schneier’s taxonomy of social network personal data
- Facebook now tells you about people you know who have found friends using their Friend Finder
  Scott’s note: I always tell people never to enter their email address and password on sites that aren’t their email service. You don’t know what they will do with your password, or if it might be captured. It also exposes your friends to potentially unwanted email messages – e.g. spam.
- Facebook Lets Developers Ask a User for Their Address, Phone Number in the Graph API
- Twitter Worm Pushing Rogue Antivirus Scam

Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below. You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode. You can also subscribe to the podcast in iTunes and follow us on Twitter. Thanks for listening!

Jan 27, 2011 (37 min)

Social Media Security Podcast 21 – Facebook Trolls, Cookie Monster, Gawker Breach

This is the 20th episode of the Social Media Security Podcast recorded December 17th 2010. This episode was hosted by Tom Eston and Scott Wright. Below are the show notes, links to articles and news mentioned in the podcast:

- Trolls who deface Facebook RIP pages of teens who have died
- Canadian Mounties LIKE Cookie Monster Audition for SNL
- Facebook becomes divorce lawyers’ new best friend
- Vulnerabilities in Facebook Apps (nothing new but still a problem)
- Gawker breach and implications. Ryan Naraine had a good set of tips at Threatpost.com.
- Facebook Profile Changes: What You Should Know
- Zuckerberg man of the year?

Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below. You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode. You can also subscribe to the podcast in iTunes and follow us on Twitter. Thanks for listening!

Dec 27, 2010 (31 min)

Social Media Security Podcast 20 – FireSheep, Privacy in the US, What NOT To Post On Facebook

This is the 20th episode of the Social Media Security Podcast recorded November 5th 2010. This episode was hosted by Tom Eston and Scott Wright. Below are the show notes, links to articles and news mentioned in the podcast:

- FireSheep – “Firefox plugin to pull active cookies from popular websites while using open wifi”. Facebook Responds to FireSheep
- Idiocy tool sends tweets on your behalf as a “Warning”. Get the tool here.
- How to defend against FireSheep? Manually use HTTPS for social media sites or use a VPN while connected to open wifi…don’t forget about mobile apps! Try the HTTPS Everywhere Plugin from the EFF or Force-TLS Plugin. Learn more about securing your Wifi at home. FireShepherd Aims to Protect Users. BlackSheep is another one…
- White House Forms Privacy and Internet Policy Subcommittee
- Ottawa man busted through Facebook after stealing rare Wayne Gretzky jersey
- What NOT To Post On Facebook: 13 Things You Shouldn’t Tell Your Facebook Friends

Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below. You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode. You can also subscribe to the podcast in iTunes and follow us on Twitter. Thanks for listening!

Nov 8, 2010 (39 min)

Social Media Security Podcast 19 – New Changes to Facebook, Social Media Risk Survey, LinkedIn Scams

This is the 19th episode of the Social Media Security Podcast recorded October 8, 2010. This episode was hosted by Tom Eston and Scott Wright. Below are the show notes, links to articles and news mentioned in the podcast:

- Social Media Security Awareness Month – at SecureState! Two new white papers released: Security Gaps in Social Media Websites for Children Open Door to Attackers Aiming To Prey On Children by Scott White, and Profiling User Passwords on Social Networks by Tom Eston. SocialScan service and social media consulting available.
- Panda Security Publishes Findings from First Annual Social Media Risk Index for SMBs
- Survey: Fear of data loss, security risks via social media sites on the upswing
- Facebook Competitor Diaspora Hit With Security Criticisms
- New changes to Facebook. What you need to know: New groups (tag people just like places). Ability to download all of your data to a zip file. Dashboard for more granular control of applications. New one time password feature and session controls.
- Facebook Groups: Privacy Blunder or Twitter Replacement?
- Don’t Get Duped by LinkedIn Spam Scam

Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below. You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode. You can also subscribe to the podcast in iTunes and follow us on Twitter. Thanks for listening!

Nov 1, 2010 · 39 min

Social Media Security Podcast 18 – RFID and Facebook, Hacking Facebook Places, MySpace Privacy

This is the 18th episode of the Social Media Security Podcast recorded September 3, 2010. This episode was hosted by Tom Eston and Scott Wright and is our 1 year anniversary episode! Thanks to everyone that has supported the podcast over the last year…we really appreciate it! Below are the show notes, links to articles and news mentioned in the podcast:
- Scary new way to use Facebook with RFID. Is the physical world starting to merge with social media?
- MySpace updates its privacy settings
- Hacking your location with Facebook Places
- Privacy Settings for Facebook Places
- How to get hacked on Facebook (Koobface chat messages)
- Facebook spam infinitely more effective than email spam
- Facebook’s remote log-out security feature: Should you care?

Sep 10, 2010 · 31 min

Social Media Security Podcast 17 – ICanStalkU, QR Codes, Facebook directory via Torrent, LinkedIn CAPTCHA’s

This is the 17th episode of the Social Media Security Podcast recorded August 13th, 2010. This episode was hosted by Tom Eston and Scott Wright. Below are the show notes, links to articles and news mentioned in the podcast:
- Researchers Show How Twitter, Twitpic Make Stalking Simple. Check out ICanStalkU.com!
- Robin Sage revealed at BlackHat USA.
- Why QR Codes Are Poised to Hit the Mainstream. Check out our QR Code. This one is safe!
- Download 171 million Facebook names via Torrent. Here is an update from Ron.
- Acunetix releases video and technical article about an exploitable XSS on facebook.com
- Facebook name extraction

Aug 15, 2010 · 31 min

Social Media Security Podcast 16 – Diaspora News, FTC and Twitter, Twitter XSS, Facebook App Permissions

This is the 16th episode of the Social Media Security Podcast recorded July 2, 2010. This episode was hosted by Tom Eston and Scott Wright. Below are the show notes, links to articles and news mentioned in the podcast:
- Quick update on Diaspora (pronounced Di-as-para). Here is a video update as well.
- FTC nails Twitter for deceiving users about privacy and security
- HTTPS Everywhere Firefox extension from the EFF
- Persistent XSS on Twitter.com
- Interesting New Twitter Phish Can Lead to Bad Places
- Facebook Rolls Out Simplified Application Permissions System
- Facebook Phonebook Is Not A Security Threat
- NTIA (National Telecommunications and Information Administration) has received the report of the Online Safety and Technology Working Group (OSTWG), “Youth Safety on a Living Internet” (2.42 MB PDF file)

Jul 5, 2010 · 34 min

Social Media Security Podcast 15 – Current Facebook Security Issues, New Privacy Tools, Likejacking, Formspring, Social Media at Work

This is the 15th episode of the Social Media Security Podcast recorded June 11th, 2010. This episode was hosted by Tom Eston and Scott Wright. Below are the show notes, links to articles and news mentioned in the podcast:
- Our Facebook Privacy & Security Guide has been updated to v2.2. We are working on the LinkedIn Privacy & Security Guide!
- How to permanently delete your Facebook account
- Quit Facebook Day – May 31st: was it successful?
- Facebook Leaks Usernames, User IDs, and Personal Details to Advertisers
- Facebook Fixing Embarrassing Privacy Bug (CSRF). Video here.
- Facebook “likejacking” targets World Cup, BP, Shrek, UFC, …
- ReclaimPrivacy.org – Facebook Privacy Scanner
- Facebook firehose comes to Bing
- Formspring.me XSS flaw
- MySpace Announces New Privacy Controls
- Social media pose the latest challenge in separating work from personal spaces

Jun 19, 2010 · 43 min

Social Media Security Podcast 14 – Recent Facebook Hacks and Controversy, Diaspora, Swipely

This is the 14th episode of the Social Media Security Podcast recorded May 14th, 2010. This episode was hosted by Tom Eston and Scott Wright. Below are the show notes, links to articles and news mentioned in the podcast:
- Yelp Security Hole Puts Facebook User Data At Risk, Underscores Problems With Instant Personalization (two XSS holes discovered within a few days)
- Want to know what Cross-Site Scripting (XSS) is and how it works at a basic level? Check out Episode 2 of our podcast.
- Facebook Leaks IP Addresses via Email
- Facebook is dying, social is not.
- Is Facebook overplaying your hand?
- Diaspora, “The Open Source Anti-Facebook”, raised $133,182 (close to 4,000 supporters!)
- Despite all this… Facebook Rolls out New Security Features
- What does Facebook publish about you and your friends? Searching the OpenGraph.
- I Can Stalk U – Raising awareness about inadvertent information sharing
- Swipely aims to take over where Blippy left off

May 21, 2010 · 43 min

Social Media Security Podcast 13 – Details on the recent changes to Facebook, Blippy CC issue, Bye bye Basic Auth

This is the 13th episode of the Social Media Security Podcast recorded April 30, 2010. This episode was hosted by Tom Eston and Scott Wright. Below are the show notes, links to articles and news mentioned in the podcast:
- New Facebook Changes – Social Graph, Social Plugins and Instant Personalization. Here are two articles to read on the new changes. Want to know more about the new Graph API? Read Facebook’s documentation.
- Tom updated his Facebook Privacy & Security Guide to version 2.1. This update includes all the latest changes to Facebook. Download and share with friends and family!
- Oops. Blippy Users’ Credit Card Numbers Exposed in Google Search Results. Does it really matter? They just got more funding!
- 1.5 million stolen Facebook IDs up for sale
- Twitter to remove Basic Authentication for Apps. Only OAuth allowed now, so third-party apps no longer hold (or transmit) your Twitter password. That’s a good thing!

May 4, 2010 · 39 min
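To make the Basic-auth-to-OAuth point above concrete, here is an added example written for this page (not code from the podcast or from Twitter). It contrasts an HTTP Basic header, which carries the password itself in every request, with OAuth 1.0a HMAC-SHA1 request signing as specified in RFC 5849, the OAuth version Twitter's API used in 2010: the secrets stay on the client and only a signature over the request travels. The request URL, body parameters and oauth_* values are the worked example from RFC 5849 section 3.4.1; the consumer and token secrets and the Basic credentials are made up for the demonstration.

```python
"""
Added example (not from the podcast or Twitter): HTTP Basic auth versus
OAuth 1.0a HMAC-SHA1 signing per RFC 5849. Request data comes from the RFC's
own example; secrets and Basic credentials below are made up.
"""
from __future__ import annotations

import base64
import hashlib
import hmac
from urllib.parse import parse_qsl, quote, urlsplit


def basic_auth_header(username: str, password: str) -> str:
    """Basic auth: the password rides in every request, merely base64-encoded."""
    return "Basic " + base64.b64encode(f"{username}:{password}".encode()).decode()


def credentials_from_basic_header(header: str) -> tuple[str, str]:
    """Whoever sees the header (the app, a sniffer, a log file) recovers the password."""
    user, _, password = base64.b64decode(header.split(" ", 1)[1]).decode().partition(":")
    return user, password


def _enc(s: str) -> str:
    """RFC 3986 percent-encoding as OAuth 1.0a requires (only A-Z a-z 0-9 - . _ ~ unencoded)."""
    return quote(s, safe="")


def signature_base_string(method: str, url: str, params: list[tuple[str, str]]) -> str:
    """RFC 5849 3.4.1: METHOD & enc(base URL) & enc(sorted, encoded parameters)."""
    parts = urlsplit(url)
    # Base URL is lower-cased scheme and host plus path, no query (default ports assumed omitted).
    base_url = f"{parts.scheme.lower()}://{parts.netloc.lower()}{parts.path}"
    # Parameters come from the query string, the form body and the oauth_* protocol values.
    all_params = list(params) + parse_qsl(parts.query, keep_blank_values=True)
    encoded = sorted((_enc(k), _enc(v)) for k, v in all_params)
    normalized = "&".join(f"{k}={v}" for k, v in encoded)
    return "&".join([method.upper(), _enc(base_url), _enc(normalized)])


def hmac_sha1_signature(base_string: str, consumer_secret: str, token_secret: str) -> str:
    """HMAC-SHA1 keyed with enc(consumer_secret)&enc(token_secret); the secrets never leave the client."""
    key = f"{_enc(consumer_secret)}&{_enc(token_secret)}".encode()
    return base64.b64encode(hmac.new(key, base_string.encode(), hashlib.sha1).digest()).decode()


def verify_signature(method: str, url: str, params: list[tuple[str, str]],
                     consumer_secret: str, token_secret: str, presented: str) -> bool:
    """Server side: recompute the signature from the request and compare in constant time."""
    expected = hmac_sha1_signature(signature_base_string(method, url, params), consumer_secret, token_secret)
    return hmac.compare_digest(expected, presented)


# RFC 5849 section 3.4.1.1 example: POST with a query string, a form body and oauth_* params.
RFC_METHOD = "POST"
RFC_URL = "http://example.com/request?b5=%3D%253D&a3=a&c%40=&a2=r%20b"
RFC_PARAMS = [
    ("c2", ""), ("a3", "2 q"),                       # decoded form body "c2&a3=2+q"
    ("oauth_consumer_key", "9djdj82h48djs9d2"),
    ("oauth_token", "kkk9d7dh3k39sjv7"),
    ("oauth_signature_method", "HMAC-SHA1"),
    ("oauth_timestamp", "137131201"),
    ("oauth_nonce", "7d8f3e4a"),
]
# Made-up secrets for the demonstration (the RFC example does not give usable ones).
CONSUMER_SECRET = "consumer-secret-example"
TOKEN_SECRET = "token-secret-example"

if __name__ == "__main__":
    header = basic_auth_header("alice", "hunter2")
    print(header, "->", credentials_from_basic_header(header))
    base = signature_base_string(RFC_METHOD, RFC_URL, RFC_PARAMS)
    signature = hmac_sha1_signature(base, CONSUMER_SECRET, TOKEN_SECRET)
    print(base)
    print("oauth_signature =", signature)
    print("verifies:", verify_signature(RFC_METHOD, RFC_URL, RFC_PARAMS, CONSUMER_SECRET, TOKEN_SECRET, signature))
```

The practical difference: a captured Basic header can be replayed forever and hands over the password, whereas a captured OAuth signature is bound to one method, URL, parameter set, timestamp and nonce, and the password itself is never in the request.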

Social Media Security Podcast 12 – New Facebook Privacy Changes, Social Gaming Threats, Social Media in the Workplace

This is the 12th episode of the Social Media Security Podcast recorded March 28, 2010. This episode was hosted by Tom Eston and Scott Wright. Below are the show notes, links to articles and news mentioned in the podcast:
- Facebook is about to implement a new Facebook Privacy Policy and Statement of Rights and Responsibilities. We put together a blog post of some must-read articles on the topic.
- Rumor is that Facebook is going to use QR Codes as part of their Geolocation strategy (mentioned by Tom).
- Joan Goodchild from CSO Online interviewed Tom and Scott for an article titled: 10 Security Reasons to Quit Facebook (and one reason to stay on).
- Fake Zynga Toolbars Will Steal Your Facebook Password. Watch out for those “autoplayer” scripts as well; some could be laced with evil code…
- The Majority of US, European users (still) click on Spam.
- Scott’s blog post: Security pros use layered techniques, but so do attackers.
- How do you address employees using social media sites at work? Blocking access isn’t always the best solution.

Apr 1, 2010 · 32 min

Social Media Security Podcast 11 – Google Buzz, Geostalking, Twitter’s Phishing Filter

This is the 11th episode of the Social Media Security Podcast recorded March 15, 2010. Sorry for the delay on releasing this! We should be back on our biweekly schedule soon. This episode was hosted by Tom Eston and Scott Wright. Below are the show notes, links to articles and news mentioned in the podcast:
- Buzz Opens Privacy Pandora’s Box for Google
- How to turn off Google Buzz, or just close some of its privacy loopholes
- Twitter to block malicious links. We think this is a good thing! Hoping Twitter rolls this out to the entire service soon.
- The dark side of geo: PleaseRobMe.com.
- Gowalla adds a new twist to location based social networking.
- Tom and Scott discuss some of the privacy and security issues with Geolocation services.
- Geostalking shows the privacy issues with location based social networks. You might be setting yourself up for a prank call.

Mar 20, 2010 · 19 min

Social Media Security Podcast 10 – Shmoocon, Geo-Location, Social Media Policies, CyberStalking

This is the 10th episode of the Social Media Security Podcast recorded February 8, 2010. This episode was hosted by Tom Eston and Scott Wright. Below are the show notes, links to articles and news mentioned in the podcast:
- Shmoocon was great! Be sure to check out the two talks about social media: Social Zombies II: Your Friends Need More Brains (video, slide deck, Facebook Application Autopwn Demo, Robin’s KreiosCS w/LinkedIn demo) and Nathan Hamiel’s talk Exposed | More: Attacking the Extended Web. Download the slide deck here.
- CDC Social Media Policies
- Facebook celebrates 400 million users by rolling out new redesign. Any new security issues?
- Hackers use Geolocation, Automation to target social networking sites
- Tom talks about some of the security and privacy issues regarding sites like Blippy and FourSquare.
- CyberStalking anyone?

Feb 13, 2010 · 33 min