
There are a lot of things that I encounter that most people don’t due to the nature of my work.  And honestly, many of the problems I’m called upon to fix can be avoided by taking simple steps to practice what I’d like to think is “common sense” security with a healthy dose of mild paranoia.

That being said, I’m going to relate to you my top 5 Facebook security tips to help you learn some of these common sense techniques while employing that healthy dose of mild paranoia.

Tip #1: Assume that Facebook (or any social network for that matter) is not secure.

I know you read all the social networking articles about how Facebook has upgraded their security, changed their security settings to protect you better, and so on and so forth.  However, there are about as many news articles being posted about how the Facebook security settings didn’t work as intended, which allowed everyone to view your profile information or your friends, or how some hacker accessed Facebook account information on hundreds (and thousands) of users, exposing login information and other personal data, and the list of flaws could go on.

The point is, as long as there are hackers and identity thieves, there will be flaws in even the most promising security. Assume that nothing is secure.

Tip #2: Don’t post anything you would not want a stranger to see.

Just recently, a friend of mine saw that two of his Facebook connections had posted their new cell phone number on their wall. When my friend decided to call them out on such behavior, the two friends replied that only their select friends could see the post based on the security setting used when posting.  See Tip #1 above if you believe that the information you’ve posted and set to secure is indeed secure.

Tip #3: Social Engineering is the hacker’s tool of choice.

Social engineering is the art of becoming friendly with a person and thereby gaining their trust. Once trust is established, the hacker can then casually get that person to disclose personal information easily and effortlessly.

As part of my students’ assignments in my computer security courses, they are taught how to employ social engineering and have the assignment of just watching for signs that someone is using it. One student took those skills to a cell phone kiosk and, while chatting casually with a woman about a cell phone she was using, gained information about her 4-digit PIN code to lock her phone and that she used that number for everything including ATM machines.  By the end of the conversation, he knew where she worked, her full name, and what she did for a living. He did all this by pretending he wanted to buy the phone she was holding in her hand! He was shocked not only by the fact that he was able to effortlessly get this information out of her, but that he, with little training, was able to accomplish it.

Keep in mind that most hackers don’t need complex scripts or tools to betray you. You give them the information freely every day.  And if you have any doubt about that, think about how many times you hear people disclosing personal information while on their cell phones near you!

Tip #4: Pay attention to your friends.

The biggest sign that something isn’t right is when your friends start behaving in ways that are not common for them to behave. What I mean by that is, recently, I had one of my Facebook friends inbox me that she was in the U.K. stranded and needed some money to get home.  As it turned out, her account was hacked and this message went to all her friends.  I knew she wasn’t in the U.K. but had just launched a new solo business. Because I was paying attention to her posts and the way she interacts, I didn’t fall for the scam.

Many times, account hacks are not so easily detected. For example, a teen received a link from a friend in Facebook chat. The friend always sends various links to him via the chat. The sad news was that the link was to a malware site that totally destroyed his laptop.  This situation leads me to Tip # 5 below.

Tip #5: Always err on the side of caution.

This is where the healthy dose of paranoia comes in.

As in the case of the teen given the link from Tip #4 above, the teen should always respond back to the friend before clicking the link.  If the hacker is on the friend’s account, one of two things will happen. Either he/she won’t respond back to the chat ping, or they will not be able to answer the question regarding the link properly.

Let me explain.  Let’s say that this teen and his friend normally share links having to do with monster trucks because they both love them. But they hate cross-overs and SUVs.  The teen could have responded to the chat link with the following message, “Is this another video about that awesome Cadillac Escalade?”  A hacker, not knowing that they’re being baited, will respond, “Yes!”, thinking that this should be the appropriate response. If the friend legitimately sent the link, then the friend will definitely ask you if you are a hacker on the account because his friend would never respond like that!

The point is, there is a way to test your friends using very intimate details about your relationship that only the two of you know and that have not been publicly announced on your Facebook wall. Obviously, if this teen and his friends bash cross-overs or SUVs, then this example might not work. But I think you get the picture.

Remember, security is a process – not an endpoint.


This post will probably affect maybe 1% of our readership, but I felt it worthy of posting anyway.

I have been having problems for quite some time using HootSuite for my social networking in both Firefox and IE 8 browsers. I finally found that it worked best in IE8 if that was the only thing running. Meaning, I didn’t have other tabs open like I so often do with Firefox. And, I can run IE 8 with HootSuite while having my Firefox open with all the tabs I want without interference.

This morning, I made an amazing discovery! I had HootSuite running in my IE and I had opened Firefox to log in to my BlogTalk radio show. Panic set in!

BlogTalk radio would not load properly and even when I tried to call in to the switchboard, the phone call would not connect and my switchboard items became dimmed out.  (Now why the calling part would be related to the online switchboard I don’t know.) With less than 3 minutes to show time, I started panicking!

I don’t know what made me shut down IE and HootSuite, but as soon as I did, I was able to connect to the BlogTalk radio switchboard and my call went through!

When I decided to write this post, I went back to each page – HootSuite and BlogTalk Radio – and looked at the page sources to see what might be conflicting.

Both sites use JavaScript but I’ve never had a problem having multiple tabs open with JavaScripts running on each page. Even the most complex JavaScript doesn’t seem to be resource intensive by any means.

The problem appears to be Flash. I don’t know whether each of these sites is so Flash intensive that the browsers (both IE and Firefox) can’t handle it, or whether there is a conflict with the resources being used by each and the way the browsers manage it.

Even now as I type this post, I have the radio switchboard open in one tab and HootSuite open in another and I’m getting a lag in the typing here in the WordPress blog tab.  It seems to happen when either HootSuite is updating the tweets, or when BlogTalk radio refreshes the page for the advertising at the top, which appears to be handled by JavaScript, so I’m really confused!

Anyway, I wanted to put this out there so anyone who might be having a problem using HootSuite might benefit from knowing that you may have to restrict using it with other resource intensive sites.  At least until we can upgrade to such a powerful computer that it won’t matter how resource intensive a web app is for the browser! (Where is an affordable terabyte processor when you need one? ;-) )

So, if you’ve been kicked out of our radio show chat or lost your sound during a show, make sure that you’re not running HootSuite in the background while you’re listening to the show live. I bet you won’t experience any problems during the show!

BTW, I know that friend of the show, Charles Taggart, uses TweetDeck during the show and he has never reported being kicked out of the live chat nor losing sound. (Yes Charles, I’ve heard the chirps over our phone conversations! LOL) So, whatever the difference is between how TweetDeck and HootSuite are programmed to work, is where the problem is.

And I’m not going to blame the browsers on this one! Are you surprised? (GRIN)


[Warning: Strong Language Content in Quoted Material]

My friends and family who are game addicts on Facebook are always upset with me because I block or ignore requests to join games on the social networking site.  (Now Mafia Wars on Myspace is a whole nuther story!)

But I reserve my Facebook account for professional connections and my MySpace is reserved for more personal connections and fun.

Well, thanks to an article by Techcrunch, I’ve finally got a reason to point to for this separation!

According to the Techcrunch article, 

Last spring, though, he [Zynga's CEO, Mark Pincus]  gave a much clearer explanation to an audience at a Startup@Berkeley mixer, admitting that scamming users was part of Zynga’s business model from the start. And it was all caught on video. I think everyone sort of knew that this was exactly Zynga’s gameplan. But to hear it said so directly is just shocking.

The full 30ish minute video is here. We’ve taken the relevant section of the video, roughly starting at around the 10:40 mark, and embed it below. From the video:

I knew that I wanted to control my destiny, so I knew I needed revenues, right, fucking, now. Like I needed revenues now. So I funded the company myself but I did every horrible thing in the book to, just to get revenues right away. I mean we gave our users poker chips if they downloaded this zwinky toolbar which was like, I don’t know, I downloaded it once and couldn’t get rid of it. *laughs* We did anything possible just to just get revenues so that we could grow and be a real business…So control your destiny. So that was a big lesson, controlling your business. So by the time we raised money we were profitable.

Now do you see why I don’t trust any of these companies?

There have been comments in the past on this blog where folks have accused me of being a conspiracy theorist, believing in the ‘boogie man’, and other such lame remarks.

But here it is in plain language from one of the CEOs of one of these companies! I don’t make this kind of crap up, nor am I a conspiracy theorist.

Will I stop playing Mafia Wars on MySpace? NO! But I don’t download any of their toolbars nor do I participate in their partner programs. If I want to buy Godfather (reward) points, I buy them outright.

I’ve included the YouTube video below and the full link to the Techcrunch article.

Zynga CEO Mark Pincus: “I Did Every Horrible Thing In The Book Just To Get Revenues”.
