Users guide

Social Media Users Guide

I know not with what weapons World War III will be fought, but World War IV will be fought with

sticks and stones.Albert Einstein

By Darren Thomas and Aaron Vail

Revealed: The NSA’s Secret Campaign to Crack, Undermine Internet Security

Did you know...excerpts from an aricle written by Nicole Perlroth of the New York Times and Jeff Larson of ProPublica Sept 5, 2013

“Newly revealed documents show that the NSA has circumvented or cracked much of the encryption that automatically secures the emails, Web searches, Internet chats...”

“The project, referred to internally by the codename Bullrun, also includes efforts to weaken the encryption standards adopted by software developers...”

“NSA lost a public battle in the 1990s to insert its own “back door” in all encryption, it set out to accomplish the same goal by stealth.”

“The NSA began collaborating with technology companies in the United States and abroad to build entry points into their products.”

“to covertly introduce weaknesses into the encryption standards followed by hardware and software developers around the world”

http://www.propublica.org/series/surveillance

http://www.propublica.org/series/surveillance

Revealed: The NSA’s Secret Campaign to Crack, Undermine Internet Security

Continued...excerpts from an aricle written by Nicole Perlroth of the New York Times and Jeff Larson of ProPublica Sept 5, 2013

“N.S.A., has been looking for ways into protected traffic of the most popular Internet companies: Google, Yahoo, Facebook and Microsoft’s Hotmail. By 2012, GCHQ had developed “new access opportunities” into Google’s systems, according to the document.”

“Some of the agency’s most intensive efforts have focused on the encryption in universal use in the United States, including , or SSL, , or VPNs, and the protection used on fourth generation, or 4G, smartphones”

“N.S.A. worked with company officials to get pre-encryption access to Microsoft’s most popular services, including Outlook e-mail, Skype Internet phone calls and chats, and SkyDrive Google, Yahoo and Facebook have pressed for permission to reveal more about the government’s secret requests for cooperation. ”

What to be aware of...

Technology and privacy are the two most important areas which will help foster a better “cybersecurity aware” society.

The more we understand the technology we use, and the way that technology can be attacked, the better we can mitigate the possibility of attack. Understanding how things work, will make us more aware.

Almost all digital devices store and use our personal information to provide authentication to email, bank, stock, insurance and credit cards. Unless secured these devices are easily exploited (compromised)

Our privacy is valuable. Be mentally present when providing sensitive information. Be suspicious of applications and communications requesting personal information, and information that provides authentication

cash to computer transactions has made our everyday activities easier and speedier, reliance on the internet has opened the doors to fraud and cyber attacks.


The following charts were borrowed from Hackmageddon.com and very up to date at the time this presentation was being put together. They relay some information regarding the nature of cyber attacks. The following are aggregate statistics for May 2014.







Good Social Networking Habits!

Common sense, caution and skepticism are some of the strongest tools you have to protect yourself...

Registering an account:

a strong password different from the passwords you use to access other sites.

If you are asked to provide security questions, use information that others would not know about you.

Never provide a work-associated email to a social network, especially when signing up

Consider creating a new email address strictly to connect with your social networking profile

Consider not using your real name, especially your last name. Be aware that this may violate the terms of service of some social networks. Continued...



Registering an account: continued...

Review the privacy policy and terms of service before signing up for an account.—it may provide information regarding the use of your private information and who it may be shared with.

keep strong anti virus and spy-ware protection on your computer.

Provide only information that is necessary or that you feel comfortable providing. When in doubt, err on the side of providing less information.

During the registration process, social networks often solicit a new user to provide an email account password so the social network can access the user’s email address book.--To be safe, don’t provide this information



Tips of using Social Networks...

Familiarize yourself with the privacy settings available on any social network you use. On Facebook, make sure that your default privacy setting is " Friends Only". Alternatively, use the "Custom" setting and set to maximum privacy.

Don’t share your birthday, age, or place of birth. This information could be useful to identity thieves and to data mining companies

I.Study done by the Carnegie Mellon found that Social Security numbers can be predicted based on publicly-available information, including your birthday, age and place of birth. The Social Security Administration began randomized numbers on June 25, 2011. continued...




Stay aware of changes to a social network’s terms of service and privacy policy. Changes may affect the visibility of your profile information

Be careful when you click on shortened links. Consider using a URL expanderExamples of URL expander: LongURL, Clybs URL Expander and Long URL

Be very cautious of pop-up windows, especially any that state your security software is out of date or that security threats and/or viruses have been detected on your computer.

Delete cookies, including flash cookies, every time you leave a social networking site. Continued...




Be mindful and in the present-whatever goes on a network might eventually be seen by people not in the intended audience

Don’t publicize vacation plans, especially the dates you’ll be traveling

be careful when posting any sort of location or using geotagging features because criminals may use it to secretly track your location.--keep your routines secret as well

Don’t post your address, phone number or email address on a social network. Remember scam artists as well as marketing companies may be looking for this kind of information. If you do choose to post any portion of this, use privacy settings to restrict it to approved contacts. Continued...




Use caution when using third-party applications. Applications offered by Face-book for instance. For the highest level of safety and privacy, avoid them completely.

Whatapp?: rates applications, browsers, platforms and social networks on privacy, security and openness.

If you receive a request to connect with someone and recognize the name, verify the account holder’s identity before accepting the request. (phone call, email confirmation...etc.)




If you receive a connection request from a stranger, the safest thing to do is to reject the request.

Adopt a zero tolerance for requests for money, even if they are from contacts you know and trust. If a contact’s account is compromised, a scam artist may use his or her name and account to attempt to defraud others

report it to the site immediately and alert your contacts if you feel your profile information has been compromised

You will need to change passwords, but proceed with caution because your computer security may have been compromised as well. Don't use that same machine. It may be infected with a virus, trojan or worm. Continued...




Malware, including key-logging software, may have been installed on your computer. If you use online banking, do not log on from the computer that may have been compromised

If you are using a social networking site that offers video chatting, pay attention to the light on your computer that indicates whether or not your web-cam is in use.

Be sure to log off from social networking sites when you no longer need to be connected. This may reduce the amount of tracking of your web surfing

As a general rule, before posting something on a social networking profile, imagine it displayed on a billboard on the side of a highway.




Social networks themselves do not necessarily guarantee the security of the information that has been uploaded to a profile, even when those posts are set to be private.

It can work both ways…

anonymity is a useful tool for anyone who prefers to keep a strict separation between an online persona and an off-line identity. It can also be used by individuals trying to shield their identities while engaging in illegal activities

If you are considering a pseudonymous (using a false name) profile, refer to the terms of service for the social networking site. Providing false or incomplete information violates the terms of service of some social networking sites

What can You do?

Here are a few things that you can do to help protect yourself:

• Be knowledgeable

• Know what information you are giving and who can see it

• Be proactive

• Choose security and privacy settings that are secure

• Be vigilant

• Keep an eye on changes

Facebook

• Facebook is the largest social media web site

• It has over 1,310,000,000 active users!

• If it was a country, it would be the second largest

• And as such, we are going to pick on it

FacebookA lot of personal information is required to sign up for Facebook.

FacebookThey wouldn’t let me use “John Doe” as a name

FacebookMore personal information they want you to include.

Facebook Settings YOU should be aware ofThis was a brand new account. All settings are their defaults.

Link if video does not work https://www.youtube.com/watch?v=xlGCPagdgYE

Is your data ever gone?

When you delete something from your computer, a flag is simply switched from “Do not overwrite” to “Can be overwritten.”

The file still exists on your hard drive

Software available for free called Recuva can bring it back

What about on the internet?

Internet Data

You are NOT in control of data on the internet

Your data lives on servers, which are basically very powerful computers.

If you request your data deleted, it is up to the company in charge of your data to erase/delete it.

But is it truly gone if the company does erase it?

Internet Wayback Machinehttp://archive.org/web/

The Internet Archive Wayback Machine saves copies of web pages in case they get changed or deleted.

Try it out for yourself.

https://web.archive.org/web/20130403110212/http://aaroncvail.com

Aaroncvail.com was a website I had for quite awhile but couldn’t justify the cost to keep it around. While the images are gone, the text remains.

http://www.dotrights.org/social-networking



Overview

• Never assume what you send is truly private

• Be smart about what services you use

• Be vigilant to changes in policy

• Know what you are doing and why

• Scrutinize your habits to determine if they are unsafe

Bibliography

• www.dotrights.org/social-networking• www.eff.org/wp/effs-top-12-ways-protect-your-online-privacy• http://epic.org/privacy/socialnet/• http://getnetwise.org/• www.tosback.org/timeline.php • http://www.consumerreports.org/cro/magazine/2012/06/facebook-your-privacy/index.htm• Privacy & Safety on Facebook-A Guide for Survivors of Abuse• http://www.slipstick.com/outlook/safe-reading-pane/• http://www.bullguard.com/bullguard-security-center/internet-security/social-media-dangers/social-media-se

curity-abc.aspx• http://www.staysafeonline.org/stay-safe-online/protect-your-personal-information/id-theft-and-fraud#sthash

.j8O9bYyu.dpuf• http://www.propublica.org/article/privacy-tools-encrypt-what-you-can• http://hackmageddon.com/2014/06/11/may-2014-cyber-attack-statistics/• http://www.networkworld.com/article/2363212/security-leadership/security-training-is-lacking-here-are-tips-

on-how-to-do-it-better.html • http://www.thenational.ae/thenationalconversation/editorial/your-cyber-security-requires-

awareness#ixzz34oXsGDsB • http://www.propublica.org/series/surveillance• http://journalistsresource.org/skills/research/chat-peter-singer-brookings-cybersecurity-media?

utm_source=JR-email&utm_medium=email&utm_campaign=JR-email#sthash.Kq8hUXG8.dpuf• http://www.statisticbrain.com/facebook-statistics/• http://en.wikipedia.org/wiki/Country_populations

http://www.dotrights.org/social-networking

http://www.eff.org/wp/effs-top-12-ways-protect-your-online-privacy

http://epic.org/privacy/socialnet/

http://getnetwise.org/

http://www.tosback.org/timeline.php

http://www.consumerreports.org/cro/magazine/2012/06/facebook-your-privacy/index.htm

https://fbcdn-dragon-a.akamaihd.net/hphotos-ak-prn1/851584_613437522011141_1298974833_n.pdf

http://www.slipstick.com/outlook/safe-reading-pane/

http://www.bullguard.com/bullguard-security-center/internet-security/social-media-dangers/social-media-security-abc.aspx

http://www.bullguard.com/bullguard-security-center/internet-security/social-media-dangers/social-media-security-abc.aspx

http://www.staysafeonline.org/stay-safe-online/protect-your-personal-information/id-theft-and-fraud#sthash.j8O9bYyu.dpuf

http://www.staysafeonline.org/stay-safe-online/protect-your-personal-information/id-theft-and-fraud#sthash.j8O9bYyu.dpuf

http://www.propublica.org/article/privacy-tools-encrypt-what-you-can

http://hackmageddon.com/2014/06/11/may-2014-cyber-attack-statistics/