By Ben Rooney, staff reporterMay 25, 2010: 6:25 PM ET

NEW YORK (CNNMoney.com) — Facebook confirmed Tuesday that it will simplify its privacy settings, in a move aimed at quelling growing concerns over how much user information is exposed online.

“I can confirm that our new, simpler user controls will begin rolling out tomorrow (Wednesday). I can’t say more yet,” Andrew Noyes, a Facebook spokesman, said in a statement.

 

You can read the rest of the article to see what is being said.

Of course, Facebook has been talking about privacy settings for a long time. So has the press, pundits and bloggers. Not that I’m skeptical, or anything, but time will tell as to whether Facebook is truly making any useful changes.

While you are waiting for Facebook to make things simple, head on over to http://www.reclaimprivacy.org/ and use their scanner to help you identify and understand your current settings. The tool will also make some recommendations for you.

Was that a black helicopter that I just saw flying overhead?

- Dan

You really need to take a look at this article. It shows how Facebook has slowly and steadily made your privacy disappear.

You should carefully consider how this impacts you.

- Dan

It all sounded very nice.

That is, until I took a quick look at who this email was sent to.

The VP who sent this out put over 1200 email addresses in the CC field of this email. Thirty minutes later, he tried to “Recall” this message. (Recalls only work if the recipient is using the same email system as the sender. In this case, the sender was using Exchange, and I’m not…)

So, now I have over 1200 email addresses available to send spam to.

What’s the problem with this?

1. My email address is exposed to over 1200 other folks for them to use as they wish.
2. Most spam filters will block a message with over 10-15 recipients in the list. I’m surprised that this went through.
3. I work hard to keep that particular address from being available to others. Now at least 1200 other people have access to that one.
4. The credibility of the bank has just dropped. If they cannot protect my personal email address, am I to expect them to protect my personal banking info?

Yep, this is a fairly minor situation, but I’m left wondering if I should explore another bank to use…

- Dan

This post is not directly related to information security.

Ok. So I just watched the press conference and apology from Tiger Woods, and I saw something that we rarely see. He took confessed the wrongfulness of his actions, and took personal responsibility for what he did. He “has a lot to atone for.”

Here’s what I like…

• He admitted his wrongdoing, unfaithfulness and affairs.
• He said that he is the only person to blame.
• He had convinced himself that he was above the rules.

Here’s what I don’t like…

• An apology took waaaaay too long in coming.
• I wish that he had lived up to the expected behavior of a man, and never made the decisions that led to his unfaithfulness.
• An apology took waaaay too long in coming. (yep, I know that I am repeating myself…) I am aware that sometimes the process of accepting responsibility for sinful actions, and the need for confession, takes a while.

None of us should be so arrogant as to think that we could never fall. Each of us should take active steps to avoid situations and actions that lead to this.

- Dan

.

..

…

Now, pull all your credit cards out. Grab your debit cards, also.

Look at them closely. Can you identify where each one of them has been used?

Have you ever used your debit card for on-line transactions?

By spreading your credit and debit card numbers out across cyberspace, you are increasing your target profile, and increasing the risk of compromise.

Speaking from experience, you don’t want those numbers to be used without your permission.

Tip: Create a plan and strategy for the use of your cards.

Here are some things you can do. You may do some other things…

1. Never use your debit card for on-line transactions.

Different banks will give differing explanations about your liability for unauthorized transactions. Minimize your footprint.

2. Have one credit card that is only used for transactions you don’t fully control.

(such as on-line transactions or paying for dinner where you give your card to the server and it’s gone for 10 minutes…)

3. Closely monitor the charges to your cards.

Use the on-line tools your card issuer gives you to see what transactions appear.

4. Don’t write your PIN on the back of the debit card, and don’t give it to your kids to use.

Believe it or not, I just noticed that a friend had done this. It’s like writing the burglar alarm code on the door of your house.

5. Don’t use credit and debit cards.

This is somewhat like using the Google Opt-Out that was reported on the Onion News Network. Radical and gets the job done, but probably not all that practical!

These cards are like the keys to your financial kingdom. Guard them!

- Dan

The only redeeming factor was that we lived in the country and burned all of our paper trash.

But, have you ever known anyone to just toss a confidential document in the trash? What is considered “confidential“?

Here are some examples of what you should consider confidential…

• Anything with your Social Security number on it
• Anything with a credit card number on it
• Anything that is a credit application
• Anything with user accounts and passwords
• Anything with bank account numbers

Tip: Purchase a cross-cut shredder and shred confidential documents.

This will help to protect you from identity theft, or someone using your credit to make purchases.

Make you life easier. Shred those documents!

- Dan

I had breakfast this morning and was stunned to overhear someone on their cell phone give the administrative login credentials for the company website to someone else. They also very carefully spelled out the entire URL to the login page.

If I were not trustworthy, I could log into their website and cause havoc.

What’s the moral to this story? You never know who is listening to your conversations. Be careful what you share, and with whom you are sharing.

Let’s keep quiet with confidential information…

- Dan

Take a read of this article from Sophos. Simple Facebook flaw put all members at risk of identity theft

A flaw has existed in the Facebook security model that has allowed access to private information in a member’s “Basic Information” page.

The reminder cannot be made often enough… Be careful with your private information!

- Dan

Have you seen this on a website?

Twitter is often called a microblogging platform. I suppose it is. But, it also can be thought of as broadcast SMS (short message service). It’s kind of like text messaging on your cell phone.

I’ve been asked my opinion of using Twitter. What follows is a pseudo-random list of some of my thoughts. Not all of these are InfoSec related, but many of them are…

1. Don’t tweet things like, “I’m heading to the bathroom now”. Who really cares?
2. Twitter helps to foster a false sense of intimacy with others. Just like Facebook, you can follow many people you don’t really know. But by following them you get an idea of who they are the things they do or care about. This is a false intimacy.
3. Remember, everything you put on Twitter is searchable. The standard tweets are not private. Anyone can find what you tweet.
4. Many of your followers are bots. Put some popular words in a post – try “Obama” or “democrat” or “Rush” – in a post and watch the new followers. Many of these will be bots, not real people.
5. Don’t use your email address in a post. There are folks who have programs running that harvest these email addresses for the purpose of sending spam and phishing email.
6. Be aware of the picture you are painting with your tweets. I follow some folks who tweet about where they are at the moment, talk about their kids and activities, mention where they work, etc. By filtering out only their posts, I can put together a pretty accurate picture of their lives and loved ones. Not good… especially if a Bad Guy is gathering info.
7. If you hope to get your tweets re-tweeted, limit your tweet length to no more than 120 characters. This gives the re-tweeter room to add their own information.
8. Watch out for link spam. Don’t click on every link you seen in tweets from people you don’t really know.
9. Spend some time looking at current thoughts and trends on Twitter. Get an idea of how others are using it and why they are using it. If you want to use Twitter for your non-profit, research how other non-profits are using it. You will get some good ideas!
10. Realize that by default, anyone can follow you. If you don’t want someone to follow, you can block them.
11. Don’t share personally identifiable information – phone numbers, addresses, etc – in posts.
12. Use “Protect my updates” on your Twitter account page if you don’t want your posts to be on the public timeline.
13. Understand that you will see inappropriate words and language as you view the public timeline, and also from many folks you choose to follow.
14. There is a lot of noise. Your important broadcast message can get lost in the meaningless drivel. If expect someone to follow you for critical notifications, you need to keep in mind that if they follow more than just a few other folks, they will be swamped with tweets and most likely will miss your critical update.
15. If including URL’s, use a URL shortening service, like bit.ly, to shorten the URL. Bit.ly also provides some capabilities for gathering metrics about each shortened URL and the number of clicks on it.

And yes, I do Twitter. Here’s the link to me.

- Dan

Update: A friend suggested some other “use” types of thoughts that he would like to see on this list. Here they are…

1. Even though bots will follow, you need to remember that there are also real people. (This balances #4 above.)
2. Twitter can be used to host real-time chats, often bringing together opposing views on a common topic. The Tuesday evening #agchat discussions are an example of this.
3. The global search capabilities can be used to find like-minded people and foster on-line relationships.
4. Creative uses for Twitter, and other social networks, are up to the users. Twitter is medium. The message is up to you.
5. Finally, it is not unusual to have followers, or for you to follow, people with wildly divergent views. Use Twitter can be used to get your message out to folks who might not normally listen.

Happy Twitter-ing!

I have names and addresses of family, friends, co-workers and peers stored in mine. I also have my calendar on it. A Facebook app can be accessed and more information found. My ToDo list is stored on it. Other apps, such as OliveTree Bible Reader, Notes, Twitter all are on there too.

Amazing things can be learned about me from the information and applications that are on my cell phone.

Regardless of your role in life – staff or management, plumber or professor, pastor or teacher – your cell phone contains information about you and your life.

If the phone is lost or stolen, all that information is then available for whomever finds it. So, what’s a guy to do?

1. If your phone has remote wipe capabilities, make sure that you know how to use it. Windows Mobile, BlackBerry and iPhone all have the capability of remote wipes. If your phone is lost or stolen, use remote wipe to reset your phone.
2. If your phone has the ability to lock, use it. Often this takes the form of a passcode that must be entered before the main screen is displayed. The iPhone and Windows Mobile phones have this ability built-in.
3. Take special care when traveling. I’ve been in airports and seen cell phones left behind by hurried travelers. Several years ago, we had an employees leave his smartphone in a taxi. He had been in a hurry to make a meeting and wasn’t paying attention.

What things can be learned or inferred about you and your organization just from the information on your cell phone? Protect it!

- Dan