How secure are sites like Facebook, T w itt er etc etc.


brockenspectre
8th Aug 2009, 09:05
Good morning all

I rarely post in this esteemed Forum and hope that my question isn't one that has already been asked. Mods, I have searched for thread titles containing "Facebook" and "T w itt er" and no results were returned so... if there is already a thread please feel free to add my post to it!!

I am not a billy-no-mates but I cherish the friends I have and am not in the business of promoting myself on the internet ... HOWEVER ... even I am increasingly being asked why I am not at least on Facebook or T w itt er, and when I mutter about security concerns folks look amazed.

I am sure that I have read about Facebook being hacked and many personal details taken - am I dreaming this?

Of course I am aware that a lot of my personal information is already "out there" but to the best of my ability I have only ever provided non-public-domain information about myself to sites I have some faith in.

My question then is, very simply, how secure are websites like Facebook, T w itt er etc?

yours, trying not to be an internet Luddite,

brockie!!

P.S. I typed T w itt er without the spaces but got ******* hence the odd layout!

Capetonian
8th Aug 2009, 09:27
I am a Luddite, proudly so.

My comment below refers to Facebook and other social nitwitting sites, which I know a little about. I think ****-ter is something different and don't know much about it.

Short answer, and of course it's my opinion, is that I think FB, etc, are highly dangerous for many reasons. There have been miles of news articles devoted to this and if you do your own research you can find far more eloquent support of this contention than I can provide.

LH2
8th Aug 2009, 09:34
> even I am increasingly being asked why I am not at least on Facebook or T w itt er, and when I mutter about security concerns folks look amazed.

Just say you have a life and/or better things to do. :ok:

> My question then is, very simply, how secure are websites like Facebook, T w itt er etc?

It is not about (computer) security but, as you correctly identify, about personal stuff of yours being all over the internet and pretty much a Google search away from anyone. It's every employer's, police force, and tax inspector's dream--not to mention identity thieves and practical jokers (our favourite use at work :E).

Gertrude the Wombat
8th Aug 2009, 09:45
> My question then is, very simply, how secure are websites like Facebook, T w itt er etc?
Most things aim at being as secure as is reasonable against a particular threat level, and then fail because they have bugs.

A social networking site should try quite hard not to let anyone steal and misuse your credit card details, and they're probably no worse at this than any other retail sites.

But as far as personal information is concerned ... the entire point of these sites is for you to voluntarily publish personal information! The main issues are

(1) if I publish something on one of these sites and mark it as "visible to my friends only" then how hard is it for the general public to hack their way into this information?

(2) if I decided to leave one of these sites is my information really deleted?

Well, it's easy to answer (2) - even if the social networking site does delete all copies of your information when you leave there will still be copies archived all over the web, so it doesn't really matter what the social networking site does: once you've chosen to publish information about yourself it is visible for ever.

And in practice as some failures in (1) have occurred from time to time the sensible advice would be to put nothing on such a site that you didn't want your partner/child/employer/tax inspector, and any possible future versions of these for the rest of your life, to read. But that's just the same advice as putting information about yourself anywhere electronically.

P.Pilcher
8th Aug 2009, 09:48
Right! That is at least two of us who have absolutely no intention of ever joining Facebook or Tw***er for the reasons explained above.

I am slightly paranoid about my personal privacy and when faced with a website which demands my mobile telephone number or e-mail address for no good reason (oh they promise never to release the details for marketing purposes) I tend to provide false details. Now with a bit of luck, that mobile telephone directory enquiry service which was nearly launched the other week amidst a load of hoo-ha is unlikely to have my number. However, if I now give it to them and ask for it to be removed from their database?

P.P.

green granite
8th Aug 2009, 09:58
Make it 3.

Ancient Observer
8th Aug 2009, 11:26
That's now 4

Saab Dastard
8th Aug 2009, 11:45
Enough (read "way too much") information is already gathered and stored about individuals at the behest of this administration (and I do mean since Labour came in) without voluntarily sacrificing what is left of one's privacy.

Five!

SD

LH2
9th Aug 2009, 01:25
Is this going to be a "me too" thread? In that case I claim numbers five bis, six, seven, and nine through seventeen. :rolleyes:

Lightning6
9th Aug 2009, 01:29
I'll raise you three to make it an even 20. :ok:

bnt
9th Aug 2009, 02:51
Whether Facebook or Τwitter are secure or not... where is the expectation that they be totally secure? What is on there that needs securing? I have a disposable email address (on GMail) I use for anything like that, and I use different passwords and logins for sites that I do require to be secure. I don't use Facebook or similar services, because I know they gather information for the purposes of marketing stuff to me, and I don't make a good target market for advertising. I understand why people are concerned about those.

I do use Τwitter because it's fun: I expect little from it, and it asks little from me. They have (so far) shown no signs of trying to gather marketable information from me, but I know that they're a business, and will need to make money some day. If that happens in an intrusive way, I can just walk away. I look at some of those "Luddite" comments, and fail to see how they can be applied to Τwitter at this time.

Skyfan
9th Aug 2009, 11:23
*just my opinion*


A secure password will stop the majority of problems security wise, but as with most other things (car, house, business etc etc) if someone's determined to get in they probably will. The real issue is that you are partly reliant on someone else for that guarantee, rather than your own senses and a bl***y big stick. I've read that part of *******s problem arose from the fact that the original site build never foresaw the level of traffic it got, so they just had to make it up as they went, rather than take it down and restructure it.

As for information control, I'd start by reading a site's T & C's. If they sell it on, claim any and all rights to it and offer it up to any passing hawker without your say so, it makes sense to be economical with it. You are in control of it - but only until it enters the system.

A 'dummy' Email is a very good idea for starters as has been said. Not getting caught up 'in the moment' and bleating about a particular issue is another - I suspect we've all done it but it makes sense to take a step back before hitting that button. Would you walk down the street shouting your personal opinion on a sensitive issue? I doubt it.

Bottom line, I think we'll find it increasingly difficult to operate without a 'web layer' to our daily comings and goings. It's not going to get any less complicated but it may get more intuitive, making it even easier for us to screw it up.

C-N
9th Aug 2009, 11:53
There is no guarantee that f a c e book will secure your personal details and personal pics.

What if one day, while taking your breakfast you'll see on the paper, "f a c e book breached by a teenager"? You can chase no one, besides, this is similar to other Insurance Firms or Banks or Hospitals where personal details were stolen, or probably sold by the firm themselves, again, I haven't heard someone who sued their bank or their insurance firms, when their databases are breached. You'll only feel sad when those big firms' records are copied, and you're one of their clients.

I wonder if the above issue was the real cause of this worldwide downturn, some electronic numbers are missing. I think the IT industry is the main cause and everybody is pointing their fingers at CEOs. (farfetched, but possible)

The Nr Fairy
9th Aug 2009, 18:07
A couple of points based on skimming the thread.

1) Choose a password with a sprinkling of capitals, vowels replaced with numbers, a space or two, and some special characters. Even better, choose the base word from the initial letters of a sentence - favourite song lyrics or the like. Password cracking is fairly straightforward if time consuming, and using the latter strategy avoids dictionary-based attacks. (Check http://sites.google.com/site/reusablesec/Home/presentations-and-papers/Defcon09v2.pdf - slide deck from Defcon, which is quite geeky but interesting.)

2) Facebook is sort of ok, it's the apps bolted on which I have a problem with. First because they're third-party and secondly because of the sort of things they do. Choose with care, and avoid quizzes like "What's your first pet's name" and "mother's maiden name" - the sort of things you might have seen before as security questions for bank logins, that type of thing.

3) Tw it ter - insecure due to the use of URL shortening, plus maddeningly "cool" - it's all bollox to me :)

4) Some of the more exotic web-based attacks require nothing more than visiting a hacked web site which has had references to dodgy web sites installed. Use Firefox, "NoScript" and "FlashBlock" and know how to interpret what they're saying. Also, close ANY browser, then log in to online banking sites, do your business then log off. Stored credentials can cross tabs/browser windows to effect an attack even if the banking site is secure.
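
An added illustration of point 1 in the post above (not part of the original post or written by its author): a password-policy check that undoes common character substitutions before a dictionary lookup, compared against a base word built from sentence initials. The wordlist, substitution table, sample sentence and function names are all constructed for this example.

```python
import re

# Constructed sample wordlist; a real policy check would load a large
# dictionary or a list of known-breached passwords instead.
WORDLIST = {"password", "dragon", "monkey", "letmein", "football", "sunshine"}

# Common substitutions to undo. A character such as "1" can stand for
# more than one letter, so every listed option is tried.
SUBSTITUTIONS = {
    "0": "o", "1": "il", "3": "e", "4": "a", "5": "s",
    "7": "t", "@": "a", "$": "s", "!": "i",
}


def candidate_bases(password, max_ambiguous=12):
    """Return the lowercase letter-only base words a password may hide."""
    pw = password.lower()
    # Expanding every option is exponential, so only do it for inputs
    # with a bounded number of substitutable characters.
    expand = sum(ch in SUBSTITUTIONS for ch in pw) <= max_ambiguous
    variants = {""}
    for ch in pw:
        options = SUBSTITUTIONS.get(ch, "") + ch  # mapped letters plus the literal
        if not expand:
            options = options[0]  # bound the work: first mapping only
        variants = {v + o for v in variants for o in options}
    # Strip spaces, digits and punctuation so padding cannot hide the word.
    return {re.sub(r"[^a-z]", "", v) for v in variants}


def is_dictionary_derived(password, wordlist=WORDLIST):
    """True if the password reduces to a wordlist entry after normalisation."""
    return any(base in wordlist for base in candidate_bases(password))


def initials_base(sentence):
    """Base word made from the first character of each word in a sentence."""
    return "".join(word[0] for word in sentence.split())


if __name__ == "__main__":
    sentence = "The quick brown fox jumps over the lazy dog at noon"  # constructed
    for pw in ("P4ssw0rd!", "Dr4g0n 99", initials_base(sentence), "Tqbfj0tld@n!"):
        verdict = "dictionary-derived" if is_dictionary_derived(pw) else "not in wordlist"
        print(f"{pw!r}: {verdict}")
```

Capitals, digit-for-vowel swaps and added punctuation on a dictionary word are still flagged by this check, while the sentence-initials base is not, with or without the same decorations.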

SirLaughalot
10th Aug 2009, 11:33
I love facebook, I just don't put personal information on it, such as my telephone number, address, correct date of birth, place of work, etc. Everything is optional on facebook. If I don't want to share certain information then I just leave those sections blank.

Captain_djaffar
10th Aug 2009, 11:52
By RICHARD LARDNER, Associated Press Writer
WASHINGTON – As the Pentagon warns of the security risks posed by social networking sites, newly released government documents show the military also uses these Internet tools to monitor and react to coverage of high-profile events.
The Air Force tracked the instant messaging service *******, video carrier YouTube and various blogs to assess the huge public backlash to the Air Force One flyover of the Statue of Liberty this spring, according to the documents.
And while the attempts at damage control failed — "No positive spin is possible," one PowerPoint chart reads — the episode opens a window into the tactics for operating in a boundless digital news cycle.
This new terrain has slippery slopes, though, for the military. Facebook, MySpace and other social media sites are very popular among service members, including those in Iraq and Afghanistan who want to keep in touch with friends and family. The sites are also valued by military organizations for recruiting or communicating with other federal agencies.
But posting information on these interactive links makes it vulnerable to being lost or stolen by the enemy, according to Pentagon officials. On Thursday hackers shut down ******* for several hours, while Facebook had intermittent access problems — an indication of the shortcomings of relying on these services.
The Marine Corps' computer network blocks users from accessing social media sites, which service officials say expose "information to adversaries" and provide "an easy conduit for information leakage."
The Marines recently made its ban official. And that prohibition might extend to other parts of the military pending a top-level review ordered in late July by Deputy Defense Secretary Bill Lynn.
In a widely distributed memo, Lynn said the so-called "Web 2.0" sites are important tools but more study is needed to understand their threats and benefits.
Air Force officials are already aware of the potential benefits.
According to the Air Force One documents released through the Freedom of Information Act, a unit called the Combat Information Cell at Tyndall Air Force Base in Florida monitored the public fallout from the April 27 flight and offered recommendations for dealing with the fast-breaking story.
Formed two years ago, the cell is made up of as many as nine people who analyze piles of data culled from the Internet and other sources to determine whether the Air Force's message is being heard.
The presidential plane took off for New York from Andrews Air Force in Maryland accompanied by two F-16 jet fighters. The purpose of the flight, which wasn't publicly announced, was to get new photos of the specially modified Boeing 747 with the statue in the background.
The mission quickly became a public relations disaster as panicked New Yorkers, fearing another 9/11-style attack, emptied office buildings. In the aftermath, Louis Caldera, director of the White House military office that authorized the flight, was fired.
The Combat Information Cell's first assessment of the event said "Web site blog comments 'furious' at best." Local reporting of the flyover was "very critical, highlighting scare factor," it added.
A twitt*er search revealed a rate of one "tweet" per minute about a pair of F-16s chasing a commercial airliner. A tweet is a text message of up to 140 characters delivered to the author's subscribers, who are known as followers.
Media coverage over the next 24 hours "will focus on local hysteria and lack of public notification," the cell predicted. "Blogs will continue to be overwhelmingly negative."
"Damage control requires timely counter-information," but the opportunity for that had passed, the assessment said. The cell recommended acknowledging the mistake and ensuring it didn't happen again.

Another update on April 28 said the story was still "reverberating, surprisingly resilient." The tweet rate had grown to three per minute and the words "New York" had been pushed into *******'s high-frequency topic category. Videos of the event posted on YouTube had been viewed more than 260,000 times, it said.
By April 30, the story had faded, the cell reported. The blogs were still very critical, but it was the White House, not the Air Force, that was taking the heat, the assessment for that day said.
The other dominant news story at the time was public concern over the spread of swine flu. According to the documents, the same Air Force cell suggested there may be an opportunity to turn the tide. "Government involvement in this incident could be used to frame expected handling of H1N1 outbreak," one of the PowerPoint charts reads.
A Utah Air National Guard unit, the 101st Information Warfare Flight in Salt Lake City, was also monitoring the social sites. "To say that this event is being beaten like a dead horse is an understatement," reads an April 28 e-mail from the unit to other Air Force offices. "Has really taken off in Web. 2.0."
Both the 101st and the Combat Information Cell are attached to the 1st Air Force, which is based at Tyndall and is in charge of guarding U.S. airspace.
1st Air Force spokesman Al Eakle explained that the command had no role in planning or coordinating the Air Force One flight. But the units tracked social networks and blog traffic "to obtain what lessons we might learn so as not to repeat them in the future." The assessments were sent to the command's leadership so they'd know how the public was reacting, he added.
John Verdi of the Electronic Privacy Information Center in Washington said gray zones can emerge while monitoring social networking sites because viewing and participating is based on trust.
"Lots of times individuals upload private or sensitive information that they expect to share with their friends or family and not the whole Internet world," Verdi said. "It would certainly be a major problem if the government were accessing that information under false pretenses."
Paul Bove, an Air Force digital media strategist, said service personnel are instructed not to do that. Nor are they to use aliases or represent a position that's beyond the scope of what they do.
"We always tell people, 'Stay in your lane and don't talk about something that you're not qualified to talk about,'" Bove said.
The issue of aliases is at the heart of a complaint stemming from the Army Corps of Engineers' performance in New Orleans before and after Hurricane Katrina.
On Tuesday, Sen. Mary Landrieu, D-La., asked the Pentagon inspector general to examine allegations that Corps employees posed as ordinary citizens and posted comments on a New Orleans web site defending the organization from criticism following the disaster.
Jon Donley, former editor of NOLA.com, said in a June 9 affidavit that there were as many as 20 registered users who developed a pattern of not only defending the Corps, but at times being "overtly abusive" to any critics. He said he was able to trace their posts to a Corps Internet address. Ken Holder, a spokesman for Corps' New Orleans District, said it will cooperate with any investigation.

http://news.yahoo.com/s/ap/20090810/ap_on_go_ca_st_pe/us_pentagon_*******_tracking