As soon as you have real-world contact, then social networking impersonation becomes trivial
machine, LinkedIn has great value to make it look credible.”
Also Known As…
Hollis recommends avoiding the truth as much as possible. “I always find myself advocating aliases and bad data”, he says. He maintains three aliases; many of his 26 staff have as many as seven, for which they track names, addresses, proxy servers, and authentication.
Via spokespeople, Facebook and LinkedIn both stress that they take privacy and safety seriously, and offer security advice to users that boils down to this: choose good passwords, be suspicious of links, and use the supplied privacy controls. But this advice only scratches the surface – just looking at your friends list can be very revealing, especially when compared across services.
Andy Dancer
Charman-Anderson recalls, for example, a 2005 exercise in which someone began by scraping a friend’s list from Flickr and, by following those friends and cross-referencing, was able to build up a detailed picture of who that person’s core friends were. “It was disturbing how far he could get with a very small starting point”, she says. “So the problem with feeding false data to profiles is the illusion of security – the risk that those people start saying more than they would otherwise. The user patterns for different accounts are going to be blindingly obvious. You’re not going to put the same time into an account with false information as into a real one.”
Hollis has to admit this, too: “You can’t get around your personality. It will shine through any alias.”
Charman-Anderson believes it’s very important to regularly review your friends list, as many people will friend anyone who asks, putting all their friends’ information at risk.
November 2011 research from the University of British Columbia in Vancouver confirms this: bots with fake profiles sent friend requests to over 5,000 randomly selected Facebook users. In the first round, 19% accepted; in a second round sent out to 3,000-plus friends of those new friends, 59% accepted. In all, the bots harvested some 250Gb of personal information.
“If you’re giving out any kind of personal information you need to do it with people you actually know”, says Charman-Anderson. “It’s so counter to the messages that social media companies give out that I think the vast majority of people aren’t going to learn until they’ve been diddled.”
January/February 2012