US-CERT Cyber Security Tip ST06-003 -- Staying Safe on Social Network Sites



   The popularity of social networking sites continues to increase, especially
   among teenagers and young adults. The nature of these sites introduces
   security risks, so you should take certain precautions.

What are social networking sites?

   Social networking sites, sometimes referred to as "friend-of-a-friend"
   sites, build upon the concept of traditional social networks where you are
   connected to new people through people you already know. The purpose of some
   networking sites may be purely social, allowing users to establish
   friendships or romantic relationships, while others may focus on
   establishing business connections.

   Although the features of social networking sites differ, they all allow you
   to provide information about yourself and offer some type of communication
   mechanism (forums, chat rooms, email, instant messenger) that enables you to
   connect with other users. On some sites, you can browse for people based on
   certain criteria, while other sites require that you be "introduced" to new
   people through a connection you share. Many of the sites have communities or
   subgroups that may be based on a particular interest.

What security implications do these sites present?

   Social networking sites rely on connections and communication, so they
   encourage you to provide a certain amount of personal information. When
   deciding how much information to reveal, people may not exercise the same
   amount of caution as they would when meeting someone in person because
     * the internet provides a sense of anonymity
     * the lack of physical interaction provides a false sense of security
     * they tailor the information for their friends to read, forgetting that
       others may see it
     * they want to offer insights to impress potential friends or associates

   While the majority of people using these sites do not pose a threat,
   malicious people may be drawn to them because of the accessibility and
   amount of personal information that's available. The more information
   malicious people have about you, the easier it is for them to take advantage
   of you. Predators may form relationships online and then convince
   unsuspecting individuals to meet them in person. That could lead to a
   dangerous situation. The personal information can also be used to conduct a
   social engineering attack (see Avoiding Social Engineering and Phishing
   Attacks for more information). Using information that you provide about your
   location, hobbies, interests, and friends, a malicious person could
   impersonate a trusted friend or convince you that they have the authority to
   access other personal or financial data.

   Additionally, because of the popularity of these sites, attackers may use
   them to distribute malicious code. Sites that offer applications developed
   by third parties are particularly susceptible. Attackers may be able to
   create customized applications that appear to be innocent while infecting
   your computer or sharing your information without your knowledge.

How can you protect yourself?

     * Limit the amount of personal information you post - Do not post
       information that would make you vulnerable, such as your address or
       information about your schedule or routine. If your connections post
       information about you, make sure the combined information is not more
       than you would be comfortable with strangers knowing. Also be
       considerate when posting information, including photos, about your
       connections.
     * Remember that the internet is a public resource - Only post information
       you are comfortable with anyone seeing. This includes information and
       photos in your profile and in blogs and other forums. Also, once you
       post information online, you can't retract it. Even if you remove the
       information from a site, saved or cached versions may still exist on
       other people's machines (see Guidelines for Publishing Information
       Online for more information).
     * Be wary of strangers - The internet makes it easy for people to
       misrepresent their identities and motives (see Using Instant Messaging
       and Chat Rooms Safely for more information). Consider limiting the
       people who are allowed to contact you on these sites. If you interact
       with people you do not know, be cautious about the amount of information
       you reveal or agreeing to meet them in person.
     * Be skeptical - Don't believe everything you read online. People may post
       false or misleading information about various topics, including their
       own identities. This is not necessarily done with malicious intent; it
       could be unintentional, an exaggeration, or a joke. Take appropriate
       precautions, though, and try to verify the authenticity of any
       information before taking any action.
     * Evaluate your settings - Take advantage of a site's privacy settings.
       The default settings for some sites may allow anyone to see your
       profile, but you can customize your settings to restrict access to only
       certain people. There is still a risk that private information could be
       exposed despite these restrictions, so don't post anything that you
       wouldn't want the public to see. Sites may change their options
       periodically, so review your security and privacy settings regularly to
       make sure that your choices are still appropriate.
     * Be wary of third-party applications - Third-party applications may
       provide entertainment or functionality, but use caution when deciding
       which applications to enable. Avoid applications that seem suspicious,
       and modify your settings to limit the amount of information the
       applications can access.
     * Use strong passwords - Protect your account with passwords that cannot
       easily be guessed (see Choosing and Protecting Passwords for more
       information). If your password is compromised, someone else may be able
       to access your account and pretend to be you.
     * Check privacy policies - Some sites may share information such as email
       addresses or user preferences with other companies. This may lead to an
       increase in spam (see Reducing Spam for more information). Also, try to
       locate the policy for handling referrals to make sure that you do not
       unintentionally sign your friends up for spam. Some sites will continue
       to send email messages to anyone you refer until they join.
     * Keep software, particularly your web browser, up to date - Install
       software updates so that attackers cannot take advantage of known
       problems or vulnerabilities (see Understanding Patches for more
       information). Many operating systems offer automatic updates. If this
       option is available, you should enable it.
     * Use and maintain anti-virus software - Anti-virus software helps protect
       your computer against known viruses, so you may be able to detect and
       remove the virus before it can do any damage (see Understanding
       Anti-Virus Software for more information). Because attackers are
       continually writing new viruses, it is important to keep your
       definitions up to date.

   Children are especially susceptible to the threats that social networking
   sites present. Although many of these sites have age restrictions, children
   may misrepresent their ages so that they can join. By teaching children
   about internet safety, being aware of their online habits, and guiding them
   to appropriate sites, parents can make sure that the children become safe
   and responsible users (see Keeping Children Safe Online for more
   information).

   Related information
     * Socializing Securely: Using Social Networking Services
     _________________________________________________________________

   Author: Mindi McDowell
     _________________________________________________________________

   Produced 2006, 2009, 2011 by US-CERT, a government organization.

   Note: This tip was previously published and is being re-distributed
   to increase awareness.

   Terms of use

   http://www.us-cert.gov/legal.html

   This document can also be found at

   http://www.us-cert.gov/cas/tips/ST06-003.html






