Social stupidity: Am I too social to be saved?
Though he's written about online security for six years, CSO Senior Editor Bill Brenner finds it's still hard to practice what the experts preach when it comes to social networking.
By Bill Brenner, Senior Editor
May 25, 2010 — CSO
Since I've been writing about IT security for more than half a decade, one would think this stuff would come naturally to me by now. It used to be easier when all one had to do was stay away from e-mail attachments and links sent by strangers and let the IT guys deal with the rest.
Then social networking came along.
Facebook. Twitter. LinkedIn. Foursquare. I use all but the last, and I'm finding it harder all the time to adopt the very best practices I've been writing about.
It's not that I don't try. I'm careful not to put information like my house address on there. I shun Facebook applications like Farmville and Mafia Wars because while they don't interest me anyway, more than a few security practitioners have told me they are easily exploitable by the dregs of online society.
I change my passwords regularly because I'm always worried that someone has figured them out, even though some smart people have argued that passwords are useless no matter what you do.
I can't for the life of me understand why anyone would use the fairly new Twitter feature that tells your followers the exact geographical location you are tweeting from, or why anyone would want to tell the world they're eating lunch at their local Olive Garden or shopping at Home Depot via the Foursquare application.
In both cases I'm reminded of a comment Bill Boni, VP of information security at T-Mobile USA, made to me last year when I brought up Twitter: "Twitter's a great thing to use if you want to get your butt kidnapped." (Editor's note: We've tried to illustrate the point—see The Final 5 Tweets of Harold Wigginbottom, Tech-Savvy CEO.) Boni repeated the comment onstage during a panel discussion I was moderating, warning his audience, "Don't be a twit."
This morning I was flipping through the slides security researchers Tom Eston, Kevin Johnson and Robin Wood cooked up for the "Social Zombies: Your Friends Want to Eat Your Brains" presentations they gave at DEFCON 17 and ShmooCon.
The further in I got, the more I was hit with an uncomfortable realization. As careful as I am on these platforms, I still put my privacy at risk all the time. (For more on this, see "Six ways we gave up our privacy".)
When I go on a business trip I post about it, like when I traveled to New York City last week for a presentation, or when I went to San Francisco for RSA in March or Washington D.C. for ShmooCon in February.