Monthly Archives: March 2011

Security Weekly – Episode 236 – March 24th 2011

Fully packed show! Chris Nickerson and Eric Smith come on to talk about PTES, the new standard for executing penetration tests. Kevin Fiscus does an interview about risk management, helping customers, and more! Bugbear does a technical segment that will make you think twice about timestomping (NTFS MFT FTW), and the crew talks stories, including RSA, Comodo, and more!

Episode 236 Show Notes

Episode 236 Direct Audio Download

All the Paul's Security Weekly episodes on our Bliptv archives.

Hosts: Paul Asadoorian, John Strand, Larry Pesce


Can Facebook use my name and profile picture in ads?

If you are a Facebook member and like a Facebook page and/or mention a Facebook page in a wall update, Facebook can use your name and possibly your picture in ads that are shown to your friends.

In fact, your name might be appearing in a Facebook ad now saying that you like a certain brand. Facebook opts everyone into Facebook Ads. And you probably know that because you’ve read Facebook’s Statement of Rights and Responsibilities so carefully.

You can opt out of letting Facebook use your name or profile picture in ads served to your friends by going to Account.


Then Account Settings.

Click Facebook Ads.

Scroll all the way to the bottom and for “Show my social actions in Facebook Ads to”, select “No one”.

What do these ads look like?

Usually they look like this:

Your name and picture can also appear in Sponsored Stories.

According to Facebook, “Sponsored Stories are stories that your friends published into your News Feed. These show up on the right hand side of pages on Facebook. The types of stories that can be surfaced include: Page Likes, App interactions, Place check-ins and Page posts.”

TL;DR? You’ll only appear in a Sponsored Story if you mention a Facebook page using Facebook’s mention tool (which works like a Twitter mention: you type @username.)

You probably haven’t seen too many Sponsored Stories because the mention tool isn’t used all that often. And when it is, it might be used sarcastically to make a point. Like: @Starbucks parking lot is full again. I may have to go back to @No-Doz. You can only mention a page or profile you like using this method, which is good because that means you’ve, in a way, opted in twice to any brand that can use your image in Sponsored Stories.

Background

Facebook has used users’ names in ads for a while. Sponsored Stories launched in early 2011. This seemed to rekindle a Facebook meme where Facebook users complain to each other about how Facebook uses our name and image in ads.

We recently shared a link that stirred some controversy: “How to Stop Facebook from Using Your Name and Profile Photo in Facebook Ads.” From the reaction we saw, it seemed that many people needed a reminder about Facebook’s ad policies. However, one user suggested that we were being alarmist and participating in a meme that could be used to drive spam or even spam apps.

To be clear: Facebook isn’t allowing third-parties to use your name and picture in your ad.

But they may soon, which is why this setting already exists.

To change that setting now, go to

Account.


Then Account Settings.

Click Facebook Ads.

At the top of the page, in the section “Ads shown by third-party applications”, where it says “Allow ads on platform pages to show my information to”, select “No one”.

Now if Facebook starts letting third-parties use our names and images in ads, your name and image will not be used.

Why should I turn Facebook Ads off?

In a sense, Facebook is already allowing third-parties access to your life and identity. You pick who you advertise–the pages you like—and to whom—your friends. But you can’t exclude certain pages or friends. Nor do you share in any of the ad revenue.

A good and bad thing is that only your friends will ever see you in ads. But do you want your boss to see you endorsing an alcohol product in the middle of a work day? Do you want your mother-in-law to know you ‘liked’ Justin Bieber as a joke? It could happen if you don’t opt out.

Why should I leave Facebook ads on?

Do you love Facebook and want to support their revenue growth?

Or maybe you love the pages you interact with and appreciate a subtle way to spread the word. You could enjoy being exposed to what your friends like and see this as a new way to interact. Or do you just not care very much about what your Facebook activity says about you?

Leave it on!

The fact is Tivo and ad-blockers have given us a way to avoid many of the advertisements that subsidize free content and services. Yet millions of us like brands on Facebook or follow them on Twitter. It seems many people don’t mind getting information from a brand, they just want control over what they see and how their identity can be used to market a product.

It doesn’t matter if you opt in or out of Facebook Ads; what matters is that you make a conscious choice.

And when it comes to your image being used to endorse products to your friends, Facebook has made that choice for you. Is this another feature that one should have to opt-in to? I think so. Is it annoying enough to make me quit Facebook? I think Facebook is well aware that the answer to that question is “No.”

Cheers,

Jason

Security Weekly – Episode 235 Part 2 – March 17th 2011

Georgia "Troublemaker" Weidman joins us to discuss her experiences at the Mid-Atlantic CCDC competition as both a blue team member and an incarcerated red team member. Then she discusses how her quest for a method of preventing embarrassing drunken texting led to her research into botnet control using SMS. Can you hear me now? I thought so...

Episode 235 Show Notes

Episode 235 part 2 Direct Audio Download

All the Paul's Security Weekly episodes on our Bliptv archives.

Hosts: Paul Asadoorian, John Strand, Larry Pesce


Security Weekly – Episode 234 – March 10th 2011

Paul's Security Weekly from the Mid-Atlantic Collegiate Cyber Defense Competition for 2011. Where they discuss cyber defense of cyber assets by being a cyber warrior to fight the cyber criminals and the cyber thieves. Then we have a cyber podcast where we discuss some cyber news about cyber events all over the cyber sphere. So join cyber Paul, cyber Larry, Cyber John, Cyber Carlos, and last and certainly not least Intern Cyber for this cyberific podcast.

Episode 234 Show Notes

Episode 234 Direct Audio Download

All the Paul's Security Weekly episodes on our Bliptv archives.

Hosts: Paul Asadoorian, John Strand, Larry Pesce


Security Weekly – Episode 233 part 2 – March 3rd 2011

Ray Davidson takes ShmooCon to college. Larry continues on with his love for "The Sheen Machine". Then a better suite of stories for the week are discussed.

Episode 233 Show Notes

Episode 233 part 2 Direct Audio Download

All the Paul's Security Weekly episodes on our Bliptv archives.

Hosts: Paul Asadoorian, John Strand, Larry Pesce


The 5 dumbest things you can do online

When you spend as much as one third of your life online, it’s easy to make a dumb mistake. The wrong click can trigger an unnecessary chain of events that will cost you time, money and focus.

Here are the 5 dumbest things you can do online. They’re so dumb that you’re probably not doing any of them. But you might want to check just to make sure.

  1. Believing it can’t happen to you
    I’ll admit it. I’ve fallen for quite a few of the scams that are out there. I’ve clicked on a bad attachment, once. I clicked a bad link in an email, in an IM, on a MySpace page, once. I got phished on Twitter, once. If I didn’t have Internet security software and some good luck, I would have suffered some lasting consequences or embarrassment for those mistakes. Fortunately, the only harm was being reminded how scammers and spammers will find a way to use any new communication technology. That’s a lesson I learn whenever I get cocky online and forget to think before I click.
  2. Use the same key for every door
    61% of targeted attacks in 2010 relied on malicious PDF documents. Almost every PC user with a credit card has a PDF reader on their PC, so cyber criminals are looking for ways to make PDFs profitable. So why use the most popular PDF Reader in the world if it will suffer the brunt of the attacks? Why use the most popular anything? Seek out alternatives, especially when it comes to creating passwords and security questions. Make sure your password isn’t the world’s most popular password, which is “password”. Make the passwords for all of your most important accounts unique and strong. And make sure the answers to your security questions cannot be guessed by Googling you or looking at your Facebook profile.
  3. Ignore your browser bar
    Do you check your browser bar to see what URL you are really on before you log in to your Facebook, Twitter or bank accounts? Criminals can fake the look of almost any website in the world. But they can’t fake the URL. Whenever you’re entering login information or buying anything, give that browser bar a check to make sure you haven’t landed on a site you don’t know or trust.
  4. Confuse links with your friends
    Social spam exploits the trust we have for our online friends. I’m not likely to open a spam email from a stranger. But whatever my mom or wife send me catches my eye. Thus, I’m more likely to click a bad link in an email from my wife and continue the outbreak. Spam is contagious. Click the wrong link on Facebook and you could end up spamming all of your friends and you may continue spamming them until you remove the spam app from your account. Most of your friends are probably on Facebook and they all are making the same mistakes at least once. New studies show that bad links on social sites are as common as they are on porn sites. So never forget, links are not your friend. Pause before you click on a link in your Facebook News Feed. If you see a link that includes OMG! or LOL or something inappropriately sexual or shocking, copy it and check it with our free Browsing Protection.
  5. Expect free to be “free”
    In Silicon Valley, there’s a saying: If you aren’t paying for a product, you are the product. That means Facebook’s product isn’t a set of tools that makes it easier for friends to connect. Facebook’s product is the 650 million people it can market to using the trust we all have for our friends. Gmail scans your email to deliver ads based on your intimate communication. That’s the cost of using the site. Sites that share free movies and music may also be sharing free malware. On the Internet, “free” is just another word for “Watch out!” Facebook definitely has some privacy problems. It will continually push you to share more and more without ever telling you what not to share. Sharing is their business; encouraging shyness isn’t. So always remember the mantra: never expect anyone else to protect your privacy.

Being savvy doesn’t mean being paranoid. Just know that criminals will use anything—including the trust you have for your friends and your favorite Internet companies—to trick you. So you think before you click. If you don’t have time to think, wait to click.

And just in case, make sure that your system is secure and your software is patched and protected. Our free Health Check makes that easy.

Cheers,

Jason



Security Weekly – Episode 233 part 1 – March 3rd 2011

Sharon Conheady on the history of social engineering, con-artistry, and the bamboozler. All this and more on an internless 233 part 1. I will be back next week and hope it sounds better.

Pretty sad to represent Sharon on the show, who has a beautiful voice by the way... we have an image of who else.. JOHN STRAND everyone.

Episode 233 Show Notes

Episode 233 part 1 Direct Audio Download

All the Paul's Security Weekly episodes on our Bliptv archives.

Hosts: Paul Asadoorian, John Strand, Larry Pesce


With New Cyber Terror Threats, Investing In Cyber Security Is More Important Than Ever


In our times, network security is the most critical aspect and function of any business; almost all businesses are connected to online data in some way. Even smaller companies such as small music store chains have specific email passwords and critical data that can be easily hacked by criminals. To avoid these types of issues and to eliminate the chances of such security breaches, computer network security should be your number one priority. There are criminals out there unlike what the world has previously witnessed; these are not people who wait to break in to your business at night. The modern criminal is rapidly becoming a cyber threat; unseen, unheard and many times unstoppable to those who do not have proper cyber security.

The threat is growing across the world as well; enemies of America and other countries throughout the world are rapidly planning more cyber-attacks than ever before. Federal institutions have had their websites targeted and taken over by terror organizations, and the threat continues to grow. It is only a matter of time before terrorist cells will see the harm they can cause by targeting the websites of average, everyday businesses, and conduct terror opportunities through the internet and cyberspace. Network security should be more important than ever to every business owner; why take the risk of losing the trust of your customers and employees? Protect your business from the unseen threats in the world, just as you would protect it from physical threats.