I was recently interviewed by Joan Goodchild, a senior editor at CSO Online, about security and privacy concerns with Facebook. Her story covers 10 reasons for quitting Facebook - and one reason to stay on. Here's a link to her story, which includes several comments from yours truly:
I often tell people that there is a lot of value in using social media, but you have to consider the risks. When the risks are laid out as they are in this article, it does make for a pretty compelling argument for opting out of social networking sites like Facebook.
When I deliver training presentations and workshops, there are still about 30% of the attendees who "avoid social media and social networking sites like the plague" - an observation pointed out in the above article.
There's no doubt about it, you're a lot less likely to get burned if you're not using these sites. But if you see the value, and know how to protect yourself, then go ahead. Just remember that even seasoned security experts are getting duped by phishing scams.
The Streetwise Security Coach
Phone: 1-613-693-0997
Email: email@example.com
To download my FREE Security Management Resource Guide now, and to receive my series of Streetwise Security Tips, as well as my Streetwise Security News and updates click HERE.
I often try to make the point that the human element is almost always the weakest link, and the easiest path of attack, for an enterprise. The article below by Dan Goodin of The Register gives some good examples of how this is the case. Security penetration testers Mike Bailey and Mike Murray consistently illustrate how easy this is - just like my Honey Stick Project does.
These guys just claimed a $10,000 prize for hacking the email account of StrongWebMail CEO, Darren Berkovitz.
They have a great observation in the following statement:
The come-ons often invoke a sense of urgency, such as an opportunity to make money only if the mark moves quickly. Scammers often try to form perceived bonds with their victims by thanking them for their attention or apologizing for an interruption. The ruses amount to hacks that suspend the marks' critical faculties just long enough to get them to make a critical mistake.
The bottom line is, if it's an unexpected message, and it has an urgent deadline, be VERY suspicious and check it out before taking action. Don't think the bad guys aren't every bit as inventive as these security testers.
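As an added example (my own illustration, not code from The Register article or from the testers named above), here is a small Python triage heuristic built around that bottom line: an unexpected sender plus deadline language is the strongest signal, and the rapport-building and money hooks the testers describe add weight. The phrase lists, the contact list and the sample messages are all constructed for this example; it is a first-pass screen that tells you when to stop and check, not a phishing detector.

```python
import re
from dataclasses import dataclass, field

# Hypothetical cue lists, constructed for this example (not taken from the article).
URGENCY_PATTERNS = [
    r"\burgent(?:ly)?\b",
    r"\bimmediately\b",
    r"\bright away\b",
    r"\bact now\b",
    r"\bwithin \d+ (?:hours?|minutes?|days?)\b",
    r"\bby (?:today|tomorrow|midnight|end of (?:the )?day)\b",
    r"\b(?:offer|account|link) (?:will )?expires?\b",
    r"\blast chance\b",
    r"\bfinal (?:notice|warning)\b",
]
RAPPORT_PATTERNS = [
    r"\bthank(?:s| you) for your (?:time|attention|patience)\b",
    r"\b(?:sorry|apologi[sz]e) (?:for|to) (?:the )?(?:interrupt|bother|disturb)",
    r"\bhope this (?:message |email )?finds you well\b",
]
MONEY_PATTERNS = [
    r"\$\s?\d", r"\bprize\b", r"\bwinn(?:er|ings)\b", r"\bbonus\b",
    r"\bmake money\b", r"\breward\b", r"\bpayment\b",
]
ACTION_PATTERNS = [
    r"\bclick\b", r"\blog ?in\b", r"\bverify\b", r"\bconfirm\b",
    r"\bwire\b", r"\btransfer\b", r"\bdownload\b", r"\bopen (?:the )?attach",
]


@dataclass
class Verdict:
    level: str                 # "ok", "check first" or "suspicious"
    score: int
    reasons: list = field(default_factory=list)


def _hits(patterns, text):
    """Return the patterns that match anywhere in the (lower-cased) text."""
    return [p for p in patterns if re.search(p, text)]


def triage_message(sender: str, body: str, known_contacts) -> Verdict:
    """Score one message. 'Unexpected sender + deadline' is the rule from the post;
    the other cues only raise the score enough to ask for a second look."""
    text = body.lower()
    known = {c.lower() for c in known_contacts}
    reasons, score = [], 0

    unexpected = sender.lower() not in known
    if unexpected:
        score += 2
        reasons.append(f"sender {sender!r} is not a known contact")

    urgency = _hits(URGENCY_PATTERNS, text)
    if urgency:
        # 2 points for any deadline language, up to 4 when several cues stack.
        score += 2 + min(len(urgency) - 1, 2)
        reasons.append(f"urgency/deadline language ({len(urgency)} cue(s))")
    if _hits(RAPPORT_PATTERNS, text):
        score += 1
        reasons.append("rapport-building phrase (thanks/apology)")
    if _hits(MONEY_PATTERNS, text):
        score += 1
        reasons.append("money or prize hook")
    if _hits(ACTION_PATTERNS, text):
        score += 1
        reasons.append("asks for an action (click/verify/transfer/download)")

    if unexpected and urgency:
        level = "suspicious"          # the post's rule: unexpected + deadline
    elif score >= 3:
        level = "check first"
    else:
        level = "ok"
    return Verdict(level, score, reasons)


# Constructed contact list and sample messages (not real mail).
KNOWN_CONTACTS = {"alice@example.com", "payroll@example.com"}
SAMPLES = {
    "prize_scam": ("promo@lottery-example.net",
                   "Congratulations! You are a winner of a $10,000 prize. Thank you for your "
                   "attention. Claim it within 24 hours or the offer expires. Click here to confirm."),
    "ceo_fraud": ("ceo@examp1e.com",
                  "Sorry to bother you, I need you to wire a payment immediately. Confirm by end of day."),
    "account_verify": ("vendor@example.net",
                       "Please verify your account details at the link below. Thank you for your attention."),
    "colleague_deadline": ("alice@example.com", "Reminder: timesheets are due by tomorrow, thanks."),
    "newsletter": ("news@example.org", "Here is this month's roundup of security articles. Enjoy."),
}


def triage_samples():
    return {name: triage_message(s, b, KNOWN_CONTACTS) for name, (s, b) in SAMPLES.items()}


if __name__ == "__main__":
    for name, v in triage_samples().items():
        print(f"{name:18} {v.level:12} score={v.score}  " + "; ".join(v.reasons))
```

Two things to keep in mind when reading the output. A known colleague sending a deadline scores "ok", which is the intended behaviour, but it also means a message from a contact whose account has been taken over sails through; keyword lists are trivially evaded as well. The verdict is a prompt to pick up the phone and check, not a substitute for doing so.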
So, it's nice that a complex story of super-sleuthing and international cooperation has come to an end for the Mariposa botnet. We can all sleep much easier knowing that these 12 million zombie PCs are no longer being held hostage (click HERE for the Associated Press story by Jordan Robertson). But this is just the beginning of a new phase in computer infections by malicious software that's smarter than its owners.
According to the AP story, the owners of the Mariposa botnet were just "ordinary everyday guys" with no previous criminal records who used very powerful software developed and supported by sophisticated underworld hackers. The hackers who wrote this botnet were not caught. So, I'm sure we can expect to hear more from them in the future.
By the way, here's how Mariposa was usually spread, according to the article:
It turned out that the botnet runners had infected computers by instant-messaging malicious links to contacts on infected computers. They also got viruses onto removable thumb drives and through peer-to-peer networks. The program used to create the botnet was known as Mariposa, from the Spanish word for "butterfly."
Sound familiar? These, plus infected PDF files, are the most common ways for malware to spread. Please tell your friends and associates to be careful with any links or unknown devices. There are more of these kinds of infections coming - for sure.