Saturday, March 17, 2012

Facebook Account Settings (Notification, Subscribers, Apps)

Notifications

Recent Notifications: Here you can see what Facebook is getting your attention with. This is where you can find out how much Facebook annoys you or, if you like it, how much it keeps you informed. So here you will see all the Likes, the Comments, and people who have commented on or liked something after you, on another post or on your own post. You can see what sends you more or fewer notifications and limit it down to what you would like to be notified about.

Subscribers 

Here you can allow Subscribers, which are people who can see what you post publicly without being your friend, as set by your restrictions.

I don't see why you would unless you are a public figure. Here you can set up what can be seen by members of the public who are not exactly your friends; they just keep tabs on you. Like I said, unless you are super cool in cyberspace or a public figure I don't see the need for this.

Apps 

This is a good place to check once in a while. You will see which applications, on Facebook or otherwise, have permission to work with your account. So you can see many things here. If you gave Bejeweled Blitz or Hanging with Friends permission to your page, it's here, and you can take that permission away. If you gave Instagram or Dropbox permission, it is here and you can take it away. If it's something you have not used in months and will not use again, delete it. If you see something weird, delete it and change your password. This is a good place to keep an eye on things.

Friday, March 16, 2012

Facebook Account Settings (Security)


Security Question: Here you select from a preset list of questions. Remember, if you pick something like your grandfather's occupation you can lie about it. Say he was the president. This will make it so that you and only you can answer this question and verify that it is you.

Secure Browsing: Check this box. It makes it so that you will access Facebook with more security. After you check this you will have https:// instead of http:// in the URL. So if you see that you are on an http:// address, something is wrong.

Login Notifications: You can be contacted via email, text or push notification. This notification will let you know when someone has accessed your account, for example if you have not logged in for three days, you're at work and can't log in, and you get an email from Facebook that someone has logged into your account. You will be prompted when you log into your account to say where it is that you are logging in from. You can add or remove locations that have logged in to have access to your account. This is a helpful tool that I use.

Login Approvals: You can create a more secure login. It will also delay your login. When you put in your username and password it will bring you to a verification window. You will then receive a verification code by the means you set up. While this is a great tool, you need to keep in mind the worst case scenarios. If it is sent via text and you get a new phone and phone number, you won't get the code. Or if you have it sent via email and you are unable to get into that account, you will not be able to log in. This can give you a headache quickly. You have to find what works for you.

App Passwords: You can set up passwords for use with the different apps you use in Facebook. You can set them to increase security, but know that this will decrease the level of convenience of using them.

Recognized Devices:  If you have set up other security features this is where you can see what and who has permission to access your accounts.  You can see names of the devices and the dates they logged into your account.  You can remove devices that were used that maybe you just used one time and do not want to have continued access.

Active Sessions: Here you can see all the sessions created. Each time Facebook is accessed with your username and password it is logged here. So you can see if someone has used your account without your permission.

Facebook Account Settings (General)

On the main Facebook page where you view your wall, at the top right above the ads, you will see a down arrow next to the Home block. Click the down arrow and you will see Account Settings. Click here and we will begin.

So the first selection is General.

-Name: This is where you can change your name, for example in a situation where you got married or divorced.

-Username:  Facebook allows you to select a username that you can use for people to find you better like Facebook.com/noobsec for instance.

-Email: Here is where you can change which email account you would like associated with your account. You can also set up a Facebook email address.

-Password: This is where you can change your password.  It also tells you the last time that you changed your password.

-Network: Here is where you can add networks.

-Linked Accounts:  Here is where you can link another account to your Facebook account.  Be careful here.  If you don’t need to be logged in every time you log into something else then do not set this up.

-Language:  You can change what language Facebook is displayed in.

Tuesday, February 7, 2012

Facebook INTRO


   Yes, that amazing place where you share, like and post things can be a security problem.  You share lots of personal information.  You share pictures and articles and funny pictures of cats or political opinions.  You add long lost friends and coworkers.  You play games and allow them access to your wall. 

    Do you know what you are sharing and who can see it? What can they get from these little bits of information? Well, did you share what high school you went to in your profile? A quick Google search can find out what your mascot was. And that is one of the top 10 security questions on websites. As a matter of fact ING uses that question. Your birthday, your family, your parents, your likes and dislikes. You can even be sharing your email address and phone number without even realizing it. Who can see your wall? What exactly do you share? Did you know that sometimes friends of friends can see your post even though they are not your friend, because a friend you share commented on your post? That post about how excited you are about your two week cruise to rest and relaxation just told everyone that no one will be home, for how long, and possibly when you will be gone. I have read articles about people who have been robbed because of such posts.

    Say you have your settings so that friends of friends can see when a friend posts on or likes one of your photos, or vice versa. Now if you post something personal about a tough time you are going through, you are looking for a little support from your friends. A good friend of yours makes a comment like "keep your chin up". Well, that post you made about how sad you are or whatnot can now be seen by your EX. Yes, if your settings are set up that way your EXes can stalk you through mutual friends. Maybe that post was about the EX. No, it's not a huge deal, or maybe it is to you. Remember, nothing you put on the internet is absolutely private. But you can attempt to make it as private as you can.

    So we are going to be going through the privacy and security settings.  I will show you the features and settings that will make you as secure as you feel that you need to be.

Thursday, November 24, 2011

Good Practices 1

I will be doing an ongoing series of good practices you should be aware of and using in your attempt to make yourself better protected in this fast paced internet world. So here is the first of many. Enjoy.


Do you use your Wifi at 3am?

    Well, unless you are a night owl looking up a last minute flight to your mom's house, please turn off your router/wifi router when you're not using it. Well, not every time you step away. Just for times like when you're at work or when you're asleep. If there is no path to your computer for someone to use then they can't get in. And if it's on all day while you're gone, your neighbor can use your wifi to illegally download that new album from his favorite band that just came out.

You don’t have to shut down your computer but put it in a power save or sleep mode.

    If you are running in screen saver mode then your computer is still alive and can still perform things in the background. Yes, having a password to log in will help, but not for everything. Powering it on and off all the time can start to cause wear and tear on your hard drive, but that is another topic.

Make sure you click log out and not just close the browser

    When you log into a website you are creating a session. Sometimes these sessions have a timer on them, other times they don't. It all depends on the website, or how they have configured their servers to handle the sessions on their site. So let's say you close the browser and walk away from the library computer. If a person sits down right after you and wants to check their bank account or Facebook like you just did, they may be looking right at your account. If you select log out every time, this session is terminated right there.

DO NOT open email attachments from someone you do not know

    Who cares if it says the attachment is a desktop wallpaper of a cute kitten fighting a butterfly. You must resist. I know you love cats. I'm sorry. If it's from someone you have never heard of then there is a high chance that this is phishing. Phishing is a way that someone attempts to get you to do something or provide something that will in turn harm you. Yes, when you open it there is a picture of a cat fighting a butterfly. But when you opened this you also may have executed code or something else malicious that can install something or make your computer do something. If the email is from the website that you gave your email address to in order to get pictures like this then that is fine. The address will be from something that sounds legit. So if you signed up at Catsarethebest.com, that is the address you should check that it came from. If it is from catscatscats.com you should consider just deleting it.

When was the last time you changed your password?

    Just because nothing bad has happened yet does not mean you should not change it. And no, you should not change it from scrambledeggs4 to scrambledeggs5. Just performing this increment does not make it safe even though it is different. You can change it up and use a different food you love. Password cracking tools check everything in increments as well. So they do check for ilovemydog1 and ilovemydog2 and ilovemydog3 and so on and so forth. This is a known weakness in passwords that bad guys would like to exploit.
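A password-change check that catches the scrambledeggs4 to scrambledeggs5 habit described above. This is an added example, not code from the original post; the function names, reason labels and sample passwords are made up for illustration.

```python
import re

def _stem_and_counter(pw):
    # Split "scrambledeggs4" into ("scrambledeggs", "4").
    m = re.fullmatch(r"(.*?)(\d*)", pw, re.DOTALL)
    return m.group(1).lower(), m.group(2)

def _edit_distance(a, b):
    # Classic Levenshtein distance, computed one row at a time.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete
                           cur[j - 1] + 1,             # insert
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def trivial_change(old, new, max_edits=2):
    """Return why `new` is too close to `old`, or None for a real change."""
    if old.lower() == new.lower():
        return "same-or-case-only"
    old_stem, old_num = _stem_and_counter(old)
    new_stem, new_num = _stem_and_counter(new)
    # Same words, different trailing number: the increment the post warns about.
    if old_stem and old_stem == new_stem and old_num != new_num:
        return "counter-bump"
    if old.lower() in new.lower() or new.lower() in old.lower():
        return "contains-old"
    if _edit_distance(old.lower(), new.lower()) <= max_edits:
        return "near-duplicate"
    return None

# Constructed sample pairs (old password, proposed new password).
SAMPLES = [
    ("scrambledeggs4", "scrambledeggs5"),
    ("ilovemydog1", "ilovemydog2"),
    ("scrambledeggs4", "ScrambledEggs4"),
    ("scrambledeggs4", "scrambledeggs4!"),
    ("scrambledeggs4", "scrambledegg$4"),
    ("scrambledeggs4", "frenchtoast!Lake72"),
]

if __name__ == "__main__":
    for old, new in SAMPLES:
        print(f"{old} -> {new}: {trivial_change(old, new) or 'ok'}")
```

A site can only run this at change time, while it briefly holds both the old and new password in memory; it cannot be done later against stored hashes.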

Sunday, October 9, 2011

Web Site Security Questions

Those questions your bank asks you to get your password unlocked and such. LIE. What is your mother's maiden name? Spiderman. Yeah, that's what I said. Spiderman. Even if they find your mother's maiden name a hacker can't get in because you put in Spiderman. Pick a favorite movie and use those characters. Use their favorite color or high school mascot. Use your favorite actor even and use their personal data. You will NOT get in trouble for this. Your bank will not look in your profile and be like "Um Ma'am it has come to our attention you have lied in your security questions." Never gonna happen. Who cares if you said you went to Hogwarts for high school. These are for YOU and YOUR security on YOUR accounts. The harder you have made it, the harder it is for someone else to guess. Through internet information mining people may very well find out what your mother's maiden name is. But jeez, it's gonna be funny when they try. Cause nowhere, and I mean nowhere, will it say her name was Spiderman. Well, unless you go around telling everyone the funny story about how you put Spiderman in your security questions.

Don't share any information, even with close friends. Yes, it's OK for you to think I'm silly and your long time friend won't do anything. Who cares. You should. If you're the only one that knows, you're the only one that can get in. Well, within reason of course. It's like practicing what you preach. You don't want to only practice good security with your accounts out in public, then go home and break all the rules because you feel safe in your home. You are only as safe as you can possibly make yourself at your weakest point. And if you slack off at home then all the other things you do are for nothing.

Saturday, October 8, 2011

Password Fundamentals

It seems that everything we do online requires a username and password. From banking to social networking, forums, and internet news groups. So many usernames and passwords in fact that it leads you to less security than you think. Who can remember 20 passwords or what 20 sites they are for? Are you writing them down? Are you using the same passwords for multiple sites? This can be inherently dangerous because if only one site becomes compromised then in turn all the other sites you use can also be at greater risk. I want to cover a couple of practices and need-to-knows that will enable you to be in a greater cocoon of security. This reduces the likelihood of you becoming a victim of an online crime, and keeps you safe from a possible data leak from the company you are trusting with your personal data.

I am sure you have heard of all the recent attacks on companies by groups such as Anonymous and LulzSec. These groups are hacking into big corporations that they feel have unjustly wronged those that they support. Like a Robin Hood scenario, but in this Cyber War, as in any war, collateral damage has occurred to innocent bystanders. When Sony was hacked the usernames, passwords, credit card information and other valuable information were stolen by these groups and put out for all to see on the internet. Sony had to get identity theft protection for those involved and paid for those individuals to be able to get credit reports. Sony released public statements on what they believed was leaked, but no one can truly know what was done or stolen once you have been compromised. This is terrible, and no matter who you support in this there is no reason for the innocent to be harmed.

Let's say you have an account with XYZ.com and ABC.com. You use the same email address (which in most cases is the username), 12345@email.com. And because you have 500 other sites to log into you use the same password for them all. Well, if site XYZ.com has a data breach and your information is leaked then in turn they now have your credentials to log into ABC.com as you. And if you use the same for DEF.com and GHI.com they now have access to those. So let's put this in the real world. If XYZ and ABC are Twitter and Facebook they can spam people or get into your contact list. If DEF and GHI are your bank or investment site you can be in big trouble. Hackers are evil and seem like a bad dream but they are real people too. They know what top websites people are most likely to have accounts with.

So with their super hacker skills they have made programs that will take these databases of compromised information and use them all at these sites. Because there is little user interaction required, since the programs will run while they are counting sheep, it is not too labor intensive for the hacker. His return on investment is great because he only needs to have 20-30 work out of the 100,000 he received via the deep dark places on the internet. If he only gets $100.00 from each of those 30 accounts he is now $3,000 richer and he was all snuggled up in bed.

It's time to break the routine of bad security. I will give you simple tricks and tips that will greatly reduce the possibility of you becoming a victim. There is no 100% sure way. There are only ways to reduce the chance of it happening. So let's get started with the most simple way to increase your security know-how. Your password. We need to make it easy so you won't cheat and go simple, yet good enough to defeat simplistic password programs. So general practice wants you to have a mix of lowercase, uppercase, numbers, and symbols. Then the longer it is the better it is. It's a game of math. The way the programs methodically attempt to guess your password can be truly put to the test. If your password is abcd1234 it could take 2 hours for it to guess. If your password is aBcD12#4! it could take months, even years.
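The "game of math" above, worked through for the two passwords in the paragraph. This is an added example, not from the original post: the function names are made up, the model assumes a program that tries every combination of the character classes a password uses, and the 2-hour figure is the post's own number, used only as a reference point for scaling.

```python
import math
import string

# Character classes a try-everything guesser has to cover.
CLASSES = [
    string.ascii_lowercase,  # 26
    string.ascii_uppercase,  # 26
    string.digits,           # 10
    string.punctuation,      # 32 ASCII symbols
]

def alphabet_size(pw):
    # Add up the size of every class that appears in the password.
    return sum(len(chars) for chars in CLASSES
               if any(c in chars for c in pw))

def keyspace(pw):
    # Number of candidates of this length over this alphabet.
    return alphabet_size(pw) ** len(pw)

def bits(pw):
    return math.log2(keyspace(pw))

def scaled_hours(reference_pw, reference_hours, pw):
    # If the reference password takes reference_hours to exhaust,
    # the same guessing rate needs this long for pw.
    return reference_hours * keyspace(pw) / keyspace(reference_pw)

if __name__ == "__main__":
    for pw in ("abcd1234", "aBcD12#4!", "AbC$%Er13", "AbC$%Er13le"):
        hours = scaled_hours("abcd1234", 2, pw)
        print(f"{pw:12} alphabet={alphabet_size(pw):2} "
              f"bits={bits(pw):5.1f} hours={hours:,.0f} "
              f"(~{hours / (24 * 365):,.1f} years)")
```

This model only covers exhaustive guessing; passwords built from common words or predictable patterns fall much sooner, because cracking tools try those first.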

Here is a great way to keep bad guys out. Pick something rough. AbC$%Er13. Then take a web site, google.com for example. Yes, use the web site to help you. Take the last two letters of the name and put them in the password. So now you have AbC$%Er13le. This made it longer and now it is specific to this one web site. If you do this for every site you now have a different password for everything you log into. And you can write down the first part. Just don't tell people your special secret for the end. I do not want to get into all the crazy math, but this has made it so that a password cracking tool could take years to crack it. They won't go that long. They will just take the ones that were cracked in four hours. There is not a good return on investment if they go for years after your password, and by then you may even have changed it up to use the first two letters instead. Yes, you want to switch it up once in a while. This also increases your security strength. So if your Twitter password is compromised they cannot get into your Facebook because the passwords are different.

Try it out. See what works for you. Your security will fail faster on your part if you become lazy with security. You cannot help it if one website gets attacked by Cyber Criminals. But now if one password is out in the open for use you have greatly reduced the impact to yourself.