Monthly Archives: August 2011

Paul’s Security Weekly – Episode 255 Part 2 – August 18th 2011

Live from the Security Weekly outdoor studios, Paul, Darren, Ian, and Carlos are joined by "Thor", Martin McKeay, and Josh Corman! What a line-up! We talk passwords, PCI, things most people do wrong when it comes to security, and more!

Episode 255 Show Notes

Episode 255 Part 2 Direct Audio Download

Episode Hosts:

  • Paul Asadoorian
  • Carlos Perez
  • "Intern Ian"
  • Jack Daniel
  • Special Guest #1: Martin McKeay (Network Security Podcast)
  • Special Guest #2: Josh Corman (From the world of "awesomesauce")

Tune in to Paul's Security Weekly TV episodes on our Bliptv channel.

    Paul’s Security Weekly – Episode 255 Part 1 – August 18th 2011

    In Part 1 we interview Timothy "Thor" Mullen. As Johnny Long says: "Most recognize Thor as the Norse god of thunder with massive powers of destruction. Few realize that he was also the god of restoration. Likewise, his namesake, Timothy "Thor" Mullen, has spent his entire adult life both destroying and restoring Microsoft-based security systems. Thor's Microsoft Security Bible conveys the wisdom and expertise of the industry legend that has defined the bleeding edge of Microsoft security for over twenty years. I highly recommend this book."

    Episode 255 Show Notes

    Episode 255 Part 1 Direct Audio Download

    Episode Hosts:

  • Paul Asadoorian
  • Carlos Perez
  • "Intern Ian"
  • Jack Daniel
  • Special Guest #1: Martin McKeay (Network Security Podcast)
  • Special Guest #2: Josh Corman (From the world of "awesomesauce")

    Tune in to Paul's Security Weekly TV episodes on our Bliptv channel.

    The 8 Most Important Ways to Protect Your Identity and Privacy on Facebook: #7

    Tell Facebook not to use your name and image in Facebook ads.

    Yes. Facebook opts you in to almost every new feature, including using your name and image in Facebook “social” ads. Facebook isn’t alone in this. LinkedIn also recently decided that it can use your name and image in ads. Fortunately, this feature is easy to opt out of.

    Facebook only uses your image in ads shown to your friends and only to promote things you’ve already “liked.” That’s the good news.

    The bad news is that the average Facebook user has 120 friends and likes 100 more pages or groups. Do you remember everything you’ve liked? Might you end up endorsing something you don’t believe in? Would you rather not endorse anything? Turn it off now. Here’s how:

    Go to Account > Account Settings. On the left navigation, click Facebook Ads.

    Under “Ads and friends” click “Edit social ads setting”. At the bottom of the screen you’ll see this:

    In that pulldown menu, select “No one”. Click Save Changes.

    Facebook does not give third parties the right to use your name or picture in ads. But they might. How do I know? Am I psychic? No. They already have a setting for it.

    To opt out of giving Facebook the right to use your name and image in ads, click on Facebook Ads again. Under “Ads shown by third parties” click “Edit third party ad settings”.

    At the bottom of that screen, you’ll see this:

    In that pulldown menu, select “No one”. Click Save Changes.

    You’re done.

    The 8 Most Important Ways to Protect Your Identity and Privacy on Facebook

    1. Unless you have a good reason not to, use the “Friends Only” privacy setting.
    2. Turn on Secure Browsing.
    3. Secure your account.
    4. Control how the world sees you via Facebook.
    5. Turn off Instant Personalization and audit your apps.
    6. Watch where you click.
    7. Tell Facebook not to use your name and image in Facebook ads.
    8. Start using Facebook lists.

    Cheers,

    Jason

    Paul’s Security Weekly – Episode 254 Part 2 – August 11th 2011

    In Part 2 of this episode we hear from more of the fine folks of Trustwave's SpiderLabs and are amazed by:

    Traps of Gold with Andrew Wilson:

    Then we attempt to do the drunken stories of the week and reveal the special "adult" guests to our booth at Defcon:

    Episode 254 Show Notes

    Episode 254 Part 2 Direct Audio Download

    Episode Hosts:

    • Paul Asadoorian
    • Carlos Perez
    • Larry Pesce
    • John Strand
    • "Intern Ian"
    • Jack Daniel

    Tune in to Paul's Security Weekly TV episodes on our Bliptv channel.

    Paul’s Security Weekly – Episode 254 Part 1 – August 11th 2011

    In this episode we hear from the fine folks of Trustwave's SpiderLabs. They appear on the show to give three, that's right, three special technical segments on various topics. In Part 1 we are astounded by:

    Amazingly True Stories from Real Penetration Tests:

    We also hear from our good friend Dan Crowley on cryptographic oracles:

    Episode 254 Show Notes

    Episode 254 Part 1 Direct Audio Download

    Episode Hosts:

    • Paul Asadoorian
    • Carlos Perez
    • Larry Pesce
    • John Strand
    • "Intern Ian"
    • Jack Daniel

    Tune in to Paul's Security Weekly TV episodes on our Bliptv channel.

    Will the Google+ gender gap make it… or break it?

    If you saw the movie The Social Network, you may remember how it depicts Napster founder Sean Parker discovering Facebook. He spies a female college student who he’s ‘dating’ using the site almost immediately after they’ve woken up together. It’s a telling detail.

    Several of the men around F-Secure who discovered Facebook did so by looking over their wives’ or girlfriends’ shoulders. This anecdotally confirms what Comscore found in July of 2010: social networks reach more women than men, and women spend 30% more time on social networks than men do.

    In 2004, I was working at a company that was building a social network to compete with MySpace, which had quickly replaced Friendster as the most popular social network in the world. Our team saw how MySpace courted club culture and built celebrities up as they lured bigger celebrities in. We wanted to replicate this feeling of digital nightlife.

    Of course, the theory that women attract men to real life social events has motivated nightclubs around the world to offer discounts to females through various promotions for generations. Thus we decided that it was women who drive the growth of social networks, most effectively recruiting others. Sadly, for business reasons, we never got to test that theory out.

    But now it seems Google+ may be employing a strategy that is having an opposite effect: men are clearly growing the network. Based on a sample of 46,573 users, SocialStatistics.com finds 86% of Google+ users are male. That’s probably an overestimation, but an abundance of males is a very familiar statistic to those of us who have targeted beta audiences and early adopters.

    When you look at total users, there’s no doubt that Google+’s beta is successful. Some have called it the fastest growing social network ever. And Google definitely has not repeated the privacy gaffes in the launch of its Buzz network, which immediately connected users to Gmail contacts.

    By only launching a limited field trial, Google has made Plus exclusive, attracting, as F-Secure Security Advisor Sean Sullivan points out, “…just the type of folks that you want as beta testers.”

    But will this beta tester population grow a network big enough to compete with Facebook, the largest social network in human history? This privacy-sensitive decision could end up hurting Google+’s bottom line. And it seems that the search giant is beginning to recognize this.

    Google+ has now extended 150 invites to all users of the site, a variation on the strategy that made Gmail a global powerhouse. And users can now invite friends via Twitter links.

    But the question remains: since you can’t advertise on Facebook, how do you reach those non-beta users who will make your network social? Ask Tom Anderson, your friend from MySpace. He’s advising Google+ to court the influencers that made MySpace such a juggernaut and to do so quickly.

    Cheers,

    Jason

    CC image by: Sean MacEntee